
Your Board Wants to Hear from You. Now What?

Think Tank - 12:05 pm - 12:30 pm

For several years, IT professionals have identified the importance of, and need for, Corporate Boards to receive the story directly from the CISO. The first problem: not every organization had a CISO. The second problem: many CISOs could only communicate with their Board through a proxy, such as the CIO or CFO, or through a canned compliance-level briefing. During the last 2-3 years, the headlines began to announce data breaches involving millions of data records. The federal government has negotiated settlements of millions of dollars in fines. One of the intentional consequences is that governing boards are increasingly motivated to learn more about, and have more influence on, their organization's security management. All Boards understand, or are beginning to understand, their responsibilities around preventing and properly handling data breaches. That understanding begins with more involvement with their CISO. However, now that CISOs have seemingly gotten their wish for a direct and frequent avenue to their Boards, what is effective to tell them? What do CISOs need to ask of their Boards? In this session, we will share some lessons learned and describe the journey one takes with the Board as that relationship grows. This is designed as a collaborative, participative forum, and audience participation is encouraged to share ideas, frustrations, and common understanding.

Takeaways: 

  • Describe what has led up to current Corporate Boards' interest in cybersecurity  
  • Examine several examples of Board-appropriate content (metrics and maturity) and delivery  
  • Consider options to provide education and continued learning for the Board 
  • Navigate the communication with the Board when they ask, "What do you need?"