Paul Connelly, a former CISO turned board advisor, independent director and mentor, finds that many CISOs focus too narrowly on metrics, whereas the board is looking for more strategic insight. The board doesn’t need to know the results of your phishing test, says Connelly. Boards are focused on the risks the organization faces, strategies to address those risks, progress updates, obstacles to success, and whether they are tackling the right issues.
“I coach CISOs to review their board — read their bios, understand their background, and understand the fiduciary responsibility of a board,” he says. The goal is to know the make-up of the board and their priorities and channel their metrics into risk and threat analysis for the business.
Using this information, CISOs can develop a story about their program that is aligned with the business. “That top-level story — supported by measurements — is what boards want to hear, not a bunch of metrics on malicious emails and critical patches or scary Chicken Little-type threats,” Connelly tells CSO.