How to talk to non-technical business leaders about security risk - and get them to act
The updated NIST Cybersecurity Framework recognises the central role of governance by adding it as an overarching strategic goal, alongside the ability to identify, protect, detect, respond to, and recover from an incident.
Security is governed by business leaders, senior managers, executives, and the board. Many of them will not have a security or even a technology background, but they will somehow need to understand the cyber risks the organisation faces and how to manage and mitigate them.
There is no one-size-fits-all way of explaining security risk to business leaders. No two people or organisations are the same. Each has their own culture, history, expertise, perceptions, and appetite for risk.
For a CISO to protect the company and its assets effectively, they need to know how to engage and involve these disparate groups and individuals in the security conversation. This guide helps you: