FAIR Institute Chairman Jack Jones has been published on ISACA's The Nexus. His post, titled "Risk Acceptance At The Executive Level," explores which party owns risk: the Chief Information Security Officer (CISO) or the business executives. The piece covers the following topics:
- The popular notion held by the business that the CISO owns cyber risk.
- Defining the role of CISO in the risk acceptance process.
- The need to communicate in terms that are meaningful to executives.
Take a read to learn more.