How to Improve CISO & Board Member Communication
Here is how to establish successful two-way communication between board members and CISOs:

Beating the learning curve
If you're a board member, it's not considered okay to show up to a meeting without knowing what EBITA is.
Yet it's considered perfectly acceptable for you not to know security, and that is not good.
So it’s your responsibility to educate yourself on cybersecurity.
Similarly, CISOs need to learn to express technical things in business language.

Seeing the CISO as a true business partner
At a minimum, the board meeting agenda should include a security report by the CISO on any evolving risks.
And the CISO should find the right balance between sugar-coating and giving the worst-case scenario.
The board should ask the CISO the following questions:
- How do you believe cybersecurity fits into the organization's business objectives?
- How do you plan to solve the organization's most significant threats?
- How do you approach collaborating with and influencing others?
- How do you approach compliance in the context of security?

CISOs must embrace a wartime mentality
This advice was shared with me by Secretary Ray Mabus, the former secretary of the U.S. Navy.
A wartime mentality means:
- You can never have downtime, relax, or rest on your laurels.
- You need to adapt to new tools and strategies to get ahead of attackers and proactively block attacks before they happen.
Try breaking into your own organization to look for weaknesses and vulnerabilities.
That’s how you add more value to your organization and build a better relationship with the board.
What would you add to this?
SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.
For more on aligning with your board to strengthen security, check out these actionable resources that we put together for you: https://bit.ly/3sK87Vb