In an article just published on the SecurityWeek website, Communication Is Broken Between CISOs and the Rest of the Business, RiskLens CEO Nick Sanna takes CISOs to task for failing to upgrade their communication skills, as senior management and boards increasingly focus on cybersecurity concerns.
“Time was, the rest of the business might have bought into the idea IT security was unique among business functions, with processes, standards and language too technical to be understood by ordinary business folk,” Nick writes. “Now, board members and senior management are likely to wave off CISO techno-speak and push to get their questions answered on their terms.”
His advice to CISOs: “Understand that, if you’re not communicating about cyber risk in business terms, dollars and cents, you’re not communicating.” In particular, he points to Factor Analysis of Information Risk (FAIR), the model that powers the RiskLens application and enables quantification of cyber risk in financial terms.
FAIR closes the communication gap, Nick writes. “A CISO can start directly answering questions on how much cyber risk the organization faces, what risks are higher and lower priority, where spending on controls should be directed and, based on experience with the effectiveness of those controls, what’s an expected return on investment in terms of risk reduction.”
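To make the “dollars and cents” point concrete, here is a small FAIR-style calculation written for this post; it is an added example, not code from the SecurityWeek article or from the RiskLens application. It follows FAIR’s top-level decomposition of risk into Loss Event Frequency (events per year) and Loss Magnitude (dollars per event), each estimated as a calibrated minimum / most-likely / maximum range, and reports annualized loss, a simulated loss distribution, and the expected return on a control. The scenario name, the ranges, the assumed 60 % frequency reduction and the $250,000 control cost are all constructed assumptions; the modified-PERT sampling and Poisson event counts are a common way to run such a simulation, not something the article specifies.

```python
"""FAIR-style quantification of cyber risk in dollars (added example; not RiskLens code).

Risk = Loss Event Frequency (LEF, events/year) x Loss Magnitude (LM, dollars/event).
Both inputs are calibrated ranges (min / most likely / max), so annualized risk is an
expectation over those ranges rather than a single guessed number.
All scenario figures below are constructed for illustration.
"""
from dataclasses import dataclass
import math
import random


@dataclass(frozen=True)
class Pert:
    """A min / most-likely / max estimate, sampled as a modified-PERT (Beta, lambda=4) distribution."""
    low: float
    likely: float
    high: float

    def mean(self) -> float:
        # Closed-form mean of the PERT distribution.
        return (self.low + 4 * self.likely + self.high) / 6

    def sample(self, rng: random.Random) -> float:
        if self.high == self.low:
            return self.low
        span = self.high - self.low
        a = 1 + 4 * (self.likely - self.low) / span
        b = 1 + 4 * (self.high - self.likely) / span
        return self.low + rng.betavariate(a, b) * span

    def scaled(self, factor: float) -> "Pert":
        # Apply a control's effect (a 60 % reduction is factor 0.4) to every point of the range.
        return Pert(self.low * factor, self.likely * factor, self.high * factor)


def poisson(rng: random.Random, lam: float) -> int:
    """Knuth's algorithm; adequate for the small yearly event counts used here."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


@dataclass(frozen=True)
class Scenario:
    name: str
    lef: Pert  # loss events per year
    lm: Pert   # dollars lost per event

    def ale(self) -> float:
        """Annualized loss expectancy: E[LEF] * E[LM] (mean of a Poisson-count sum of i.i.d. losses)."""
        return self.lef.mean() * self.lm.mean()

    def simulate(self, trials: int = 10_000, seed: int = 1) -> list:
        """Monte Carlo over simulated years; returns the sorted annual-loss distribution."""
        rng = random.Random(seed)
        yearly = []
        for _ in range(trials):
            events = poisson(rng, self.lef.sample(rng))
            yearly.append(sum(self.lm.sample(rng) for _ in range(events)))
        return sorted(yearly)


def percentile(sorted_values: list, pct: float) -> float:
    idx = min(len(sorted_values) - 1, int(pct / 100 * len(sorted_values)))
    return sorted_values[idx]


def control_roi(before: Scenario, lef_factor: float, annual_cost: float) -> dict:
    """Expected annual risk reduction and ROI of a control that scales LEF by lef_factor."""
    after = Scenario(before.name + " + control", before.lef.scaled(lef_factor), before.lm)
    reduction = before.ale() - after.ale()
    return {
        "ale_before": before.ale(),
        "ale_after": after.ale(),
        "risk_reduction": reduction,
        "roi": (reduction - annual_cost) / annual_cost,
    }


# Constructed scenario (assumption): credential-phishing-driven account takeover.
PHISHING_ATO = Scenario(
    "Account takeover via phishing",
    lef=Pert(2, 5, 12),                   # 2 to 12 successful events a year, most likely 5
    lm=Pert(50_000, 200_000, 1_500_000),  # response, fraud and regulatory cost per event
)

if __name__ == "__main__":
    losses = PHISHING_ATO.simulate()
    print(f"ALE ${PHISHING_ATO.ale():,.0f}; simulated P50 ${percentile(losses, 50):,.0f}, "
          f"P90 ${percentile(losses, 90):,.0f}")
    # Hypothetical control: phishing-resistant MFA assumed to cut LEF by 60 % for $250k/year.
    print(control_roi(PHISHING_ATO, lef_factor=0.4, annual_cost=250_000))
```

The closed-form `ale()` gives the headline number a board asks for; the simulated P50 and P90 show the range behind it, which is what distinguishes a calibrated estimate from a single-point guess. The `control_roi()` output is the form of answer the article describes: how much annual risk a control is expected to remove against what it costs.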
Read the complete article, Communication Is Broken Between CISOs and the Rest of the Business by Nick Sanna on the SecurityWeek website.