Executive Briefings

Cybersecurity Is a Company-wide Effort, Not Something Left Totally Up to the Chief Information Security Officer

Thanks to the constant stream of mega-breaches, cybersecurity has moved from the server room to the boardroom. While it's become evident that cyber defense requires board-level input and attention, translating deeply technical cybersecurity and risk factors into business terms has been an ongoing struggle.

For those enterprises that have a CISO (and way too many still don’t), demanding internal clients such as the board, risk committees and CFOs are asking tough questions. But given the sense of urgency around cybersecurity, CFOs and risk managers must be collaborators, not interrogators.

In cybersecurity circles, the idea of “aligning security with the business” gets a lot of lip service, but alignment is not a one-way street. There are some very real challenges associated with implanting cyber-risk management as a business function — challenges that are not just “cyber” problems, but business problems with roots in areas beyond the cybersecurity domain.
