Cybersecurity professionals are being asked increasingly to prepare materials for and give presentations to their enterprise board of directors. Communicating priorities to any board member requires understanding the board perspective on the subject that is being considered. This means recognizing that board members have an overall enterprise perspective that subsumes cybersecurity. Therefore, gaining attention (and being relevant to the board) requires placing cybersecurity concerns in the context of business objectives—cybersecurity practitioners need to learn how to speak the language of business.
This white paper will help to lay out the landmarks that can be used to better understand how to adapt cybersecurity matters for consumption by professionals who are less knowledgeable about technology. The goal is to better understand the process of reporting technology risk to the board and provide context for how to tailor their messages. This white paper provides an overview of the role and structure of boards, and information on presenting cybersecurity as a strategic risk, scenario analysis, risk economics, risk appetite, metrics and dashboards. These discussions help technology professionals to communicate cybersecurity risk in ways that businesses can understand.
Views: 1
