“It’s not a question of if but when” a CISO will be called in to brief the board of directors, RiskLens CEO Nick Sanna writes in a new article for Infosecurity Magazine – and Rule 1 is “Know Your Audience.”
The typical board member is “a former business executive who has led a variety of operational functions and has an orientation toward financial metrics.” A director wants to hear straightforward, businesslike answers to questions such as
“Let’s be candid,” Nick writes. “Typical CISOs can’t answer the questions above in financial terms.” Instead, they’re focused on technical metrics, such as maturity scores achieved or controls implemented.
But now, “cyber risk quantification is enabling a completely new way of communicating and reporting on risk.”
To make the point, Nick shares charts showing outputs from analyses on the RiskLens Platform, based on the FAIR ™ standard for cyber risk quantification.
“Dashboards, key risk indicators, ROI on security projects – this is a different level of communication than CISOs have been able to offer boards before” that “allows CISOs to make their support case in the bottom-line language the board wants to hear,” Nick writes.
Read the complete article Building a Cyber Risk Report Your Board Will Love in Infosecurity Magazine.
More recent recognition of FAIR and the business imperative for cyber risk quantification:
RiskLens is leading a revolution in the way cyber risk is assessed, measured and managed by bringing to market a Software as a Service solution that makes cyber risk quantification a reality.
We help organizations translate cyber risk from the technical into the economic language of business.