Dwayne Melancon (@ThatDwayne), Chief Technology Officer at Tripwire, discusses the importance of establishing a good risk framework, which enables the business to operate with confidence.
“I speak with CISOs all around the world, and a few common themes have emerged. The first is that they must appeal to non-technical stakeholders to obtain or maintain their resources; the second is that communicating the business value of security is critical; and the third is that they are struggling to find the right tools — visuals, metrics, and vocabulary — to convey the value of their efforts,” said Melancon.
“The good news is that non-technical executives are listening thanks, in part, to the high-profile attacks and breaches in the news today. My quest is to help these executives get their messages across in an effective way and deliver real confidence to their businesses,” he continued.
Melancon says that when you talk about risk to a security person, they believe that risk is something that must be stopped or mitigated. “But if you talk to a business person, risk is where opportunity is.”
“Having a common understanding, a good risk framework, a good view of the safeguards and controls that you put in place – not only because they stop things, but because they enable the business to operate at a more rapid pace with more security and more confidence. You can strike that balance, but it really takes both sides to engage in risk management,” said Melancon.