When CISOs are briefing their executive teams or boards on the organization’s security (usually only when there’s a security incident), this is usually the challenge. Distill the volumes of data, assets, silos, operations, threats, and remediations down to a couple of key points. And this is to an audience who typically get their security information from their mobile newsfeed or WSJ. No wonder the average tenure is about 18 months for most CISOs.
How to “Connect Security to the Business” (CSTB), describes the issues and suggests some meaningful ways CISOs, CIOs, and their IT Security teams can effectively communicate security metrics to the business or mission leadership.