­
FireSide Chat On “ How To Present Cyber Security Risks To Senior Management?” - All Articles - CISO Platform

 

Allan Alford, CTO, and CISO TrustMapp joined us for a Fireside Chat with Bikash Barai, Co-Founder, CISO Platform, and FireCompass on “ How To Present Cyber Security Risks To Senior Management?”. 

Allan has been a security veteran who has played the role of CISO more than 5 times in his career, the talk starts with some of his experiences of successful board meetings. 

 

How To Have A Successful Board Meeting 

 

  1. Start with a story - One must harness some storytelling capability while presenting to the board. 
  2. Populate with data - Always populate your story with valid data, and the data must be something that the board expects to see, which is more of business data than technical data. 
  3. The first slide should always be “what happened in the last meeting?”, followed by what happened since then and the process of that. One needs to show the board proof that the last investment was a “pay off”. Give a full picture of where you were last time and where you are now.
  4. The next slide should ideally be a summation of the top 5 business risks that you are facing. 
  5. Number 3 should be the action plan on those business risks. Which is basically setting a premise for the next board meeting. What one presents on slide 3 would be slide 1 for the next meeting. 
  6. It’s also a great way to start communicating with the board on organization maturity scores. One can get an outside firm to evaluate the maturity score. And update the numbers to board every time. 
  7. Share stories about how you met your business objectives. Storytelling could be an important tactic to get the attention of the board, starting with the classic “once upon a time, our business was struggling with this” could be a way of starting the story. Which can then move towards how you managed to overcome the situation and achieved the business goals. 
  8. Do not try to get board members to make decisions during the board meeting. If there is any bad news, one needs to share it with the board before the meeting and avoid negative surprises, Similarly if there is a big decision that needs to be made, one needs to have the board aligned on it before the meeting happens. 

 

Listen to the whole conversation to learn more about the subject.

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform