More than ever before, CISOs need to be able to effectively communicate the value of their teams’ efforts across the entire organization as well as upstream to the C-suite and Board of Directors by speaking in a language the rest of the organization can understand. This is the case not only in commercial organizations, but also in the public sector.
Effectively communicating risk to every level of the organization is critical in these days of breaches and subsequent class action lawsuits, because when lawyers talk about ‘due care,’ it is often in the context of liability and negligence.
These conversations should happen prior to any adverse security events, not after the damage has been done. In this way the value proposition of security becomes an integral part of every business unit’s efforts, and the organization can realize a return on its security investments.
In this video, security experts Dwayne Melançon, Thom Langford, Steven Fox, Michael Oberlaender, Lana Davenport and Bryce Schroeder discuss the challenges involved in establishing clear means of communicating risks to stakeholders in order to more effectively achieve and maintain a viable security posture that enables the business.
Dwayne Melançon (@ThatDwayne) is Tripwire’s Chief Technology Officer, responsible for leading the company’s long-term product strategy to meet the evolving data security needs of global enterprises. With more than 25 years of security software experience, Melançon has spearheaded numerous initiatives during his tenure, including executive responsibility for business development, professional services and support, information systems and marketing.
Thom Langford (@ThomLangford) is the Director of Security Risk Management in Sapient’s Global Office, responsible for advising on delivery, compliance and current industry security risks. Langford is also recognized as an award-winning blogger and international public speaker. Prior to his security leadership role at Sapient, Langford was an IT Manager and IT Architecture Consultant at PricewaterhouseCoopers.
Steven Fox (@SecureLexicon) is a Senior Security Architecture & Engineering Advisor at a federal agency. He is also a former Detroit ISSA Chapter Board Member, co-organizer for Security B-Sides Detroit, and a Distinguished Fellow at the Ponemon Institute, as well as having been a regular contributor to CSO Online for several years.
Michael Oberlaender (@MSOberlaender) is a world-renowned security executive, thought leader, author and subject matter expert who has worked in executive-level roles both in IT and security for more than two decades. Recently, he has been serving as Chief Security Officer for European cable network provider Kabel Deutschland AG in Munich, Germany, and before that served as Chief Information Security Officer for FMC Technologies, Inc., a leading oil field services and engineering company. Michael is also the author of the book C(I)SO – And Now What?: How to Successfully Build Security by Design.
Lana Davenport (@DavenportLana) is the manager of information security at FedEx Services with broad experience in IT, information security and project management. Prior to her leadership role at FedEx, Lana served as a business analyst for International Paper. Lana holds an M.S. degree in Computer Science from the University of Tennessee-Knoxville and an M.S. from Moscow State Linguistic University.
Bryce Schroeder is Tripwire’s Senior Director of Systems Engineering. He brings extensive IT architectural experience and deep focus to successfully solve customer issues with Tripwire solutions. Bryce joined Tripwire from NetApp where he led a team of Architects and Systems Engineering in enterprise Cloud infrastructure solutions.