Paul Connelly, former CISO turned board advisor, independent director and mentor, finds many CISOs focus too closely on metrics while the board is looking for more strategic insights. The board doesn’t need to know the results of your phishing test, says Connelly. Boards are focused on the risks the organization faces, strategies to manage those risks, progress updates, obstacles to success, and whether they’re tackling the right problems.
“I coach CISOs to study their board — read their bios, understand their background, and understand the fiduciary responsibility of a board,” he says. The goal is to understand the make-up of the board and their priorities, and to channel security metrics into risk and threat analysis for the business.
Using this information, CISOs can develop a story about their program that is aligned with the business. “That top-level story — supported by measurements — is what boards want to hear, not a bunch of metrics on malicious emails and critical patches or scary Chicken Little-type threats,” Connelly tells CSO.