Why The Business Should Own Cyber Risk?

FAIR Institute Chairman, Jack Jones, has been published on ISACA's The Nexus. His post titled, "Risk Acceptance At The Executive Level," explores which responsible party owns risk: the Chief Information Security Officer (CISO) or the business executives. The following topics covered in the piece are:

• The popular notion held by the business that the CISO owns cyber risk.
• Defining the role of CISO in the risk acceptance process.
• The need to communicate in terms that are meaningful to executives.

Take a read to learn more.