Are you reporting your poor cyber-security posture to the board? 🏢

Why not?

As a director or c-suite exec, you are obligated to ask about and identify risks to the company/organisation. How big is your risk appetite?

Forbes recently posted “10 Strategies CISOs can use to improve Board Cyber Risk Reports” (link in comments) which is a great snapshot of just a few important actions you should be taking *today* – not just as a CISO, but as any board member or executive.

My top 3 picks from their article:

1. “Resist the temptation to filter the bad news” 📰
Don’t lie to the board, don’t fudge your numbers, don’t report mistruths. The board is there to assist you with prioritising and strategising; be transparent and honest.

2. “Avoid vain metrics” 🔢
The number of incidents raised or resolved, on its own, is nothing but show-boating. Break incidents down by the business systems or processes they affected and you begin to provide real value.

3. “Clearly and concisely explain critical risks outside of appetite” ⚠️
“How big is your risk appetite?” If your organisation has identified a risk with both a high likelihood and a high impact, it is a critical risk that must be mitigated. Don’t sweep it under the carpet.

Forbes Article: 10 Strategies Chief Information Security Officers can use to Improve Board Cyber Risk Reports
