A CIO talks business sense about cyber security and the CISO

Every so often, I see an interesting piece on Forbes.com. This time it is How To Talk To the Board About Cybersecurity.

A CIO shares his experience working with boards and advice on that challenge for CISOs.

Here are some useful comments (with my highlights):

• If a CIO can’t effectively communicate budget requirements, or a CISO can’t articulate why the risk outweighs the efficiency that would be gained by rolling out a particular technology, it puts not only technical, but business operations and security, at risk.
• … while security teams increasingly recognize the fact that breach prevention is a losing strategy, oftentimes the board is not quite there yet. Just as security teams are recalibrating their efforts towards detection, mitigation, and resilience, CISOs should encourage the board to look at how the organization is equipped to respond when the inevitable occurs—including how it will recover.
• One of the most important things technical leaders can do in communicating with the board is to get on the same page ahead of time. In the day-to-day of security operations (SecOps) and IT operations (IT Ops), priorities often come into conflict. One is…