“It’s relatively rare that you get security leaders and board members together on a panel to talk about things,” says Wade Baker, who moderated the “What CISOs Need to Tell the Board About Cyber and Technology Risk” panel discussion at FAIR Conference 2017.
Baker leads the Cyentia Institute, which produced a major study on CISO-Board communication and is working on a new study about the metrics Boards want to see.
He was joined by:
- Yong-Gon Chon, CEO of Focal Point Data Risk
- Austin Adams, Board Member, KeyCorp, CommScope, and former CIO, J.P. Morgan
- Christopher Porter, CISO, Fannie Mae
- Kim Jones, Professor, Arizona State University, former CSO, Vantiv
“The repeated theme I kept hearing from the panel is that CISOs and the board members think differently,” says Baker. “We all know that but it’s nice to get more insight to how they think differently.”
One big takeaway for CISOs: “Just remember you are not talking to security people and you’ve got to think how this is relevant to the business. By the way, that’s incredibly useful for security leaders, too, because we tend to be trapped in our own technology and security world.”
For more tips on communicating to the Board and the business, see the entire video of the panel discussion on the FAIR Institute’s Member Resources page—a (free) membership is required.
Here’s a preview:
More from the 2017 FAIR Conference:
When Non-Compliance Is A-OK [Video]
What Metrics Matter in Risk Management [Video]