By Steve Kahan
A CISO’s ability to communicate becomes even more important when trying to get the attention of an executive board. Now that IT security is an essential part of risk management, chief information security officers (CISOs) must present their case effectively to C-level executives in order to articulate risk posture, explain strategy, or get more budget. By simplifying security issues into nontechnical terms and mapping out a clear storyline, CISOs can position themselves to be key influencers in the boardroom. The following are three helpful strategies for helping CISOs communicate effectively with the Board of Directors:
1. Use analogies to explain complicated technical concepts and help the board “understand” security issues. Executives in the boardroom are typically nontechnical people, so it’s important to illustrate information security in a more accessible way, through common language and general business terms. Security analogies, such as a home robbery, are an excellent way to begin conveying complex ideas.
2. Understand business goals and align them with why the board wants a CISO in the room. Align the goals of the business with your overall security strategy. Board presentations should focus on security’s role in helping the business achieve its business goals.
3. Make sure you can answer the question, “How secure are we?” Break this question down into tangible components to help board members understand the basics, such as security posture compared to peers, where the gaps are, and how to fill those gaps. Thycotic’s Privileged Password Vulnerability Benchmark assesses your risk from a data breach that targets privileged account credentials. The Benchmark gives your organization a grade (A-F) and compares your score with industry peers. The Privileged Password Vulnerability Benchmark is free; download it now.