CISO Strategy

CISO Strategy

 

What the CISO Should Do to Help the Board Make Informed Decisions Around Security and Risk

  1. Develop and communicate a security mission statement rooted in business enablement
  2. Determine your risk appetite and document your risk tolerance in layman’s terms
  3. Choose a security framework and map initiatives to that framework
  4. Establish unbreakable rules around security responsibility and information sharing
  5. Keep the board updated on security trends and be prepared to discuss specifics, such as how the organization is responding to a specific threat drawing headlines

What the Board Should Do to Support a Culture of Security Awareness and Accountability

  1. Approach and understand cybersecurity as an enterprise-wide risk issue
  2. Learn the legal implications of cyber risks
  3. Access cybersecurity expertise by giving cyber risk discussions adequate time on the board meeting agenda
  4. Set the expectation that management will establish an enterprise-wide risk management framework with adequate staffing and budget
  5. Discuss cyber risks from the perspective of identifying which risks to avoid, mitigate, accept, or transfer through insurance, as well as specific plans associated with each
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s