Cybersecurity: A Shared Responsibility | Norman Marks on Governance, Risk Management, and Audit
That is the title of an article ISACA published this month.

It is a high-level, non-technical piece that makes a lot of sense. I like it and you may as well.

To put it in context, I was reading earlier in the week (sorry, I can’t find the article to share) that investments in cyber were flat and not being given a priority by management.

Clearly, there is a growing disconnect between the levels of risk seen by practitioners responsible for cyber and their more senior management.

This article won’t solve that, but it does have some sensible things to say.

Everything starts from the top: C-suite executives and the board. They are responsible for every business decision, so why do they often try to wash their hands of anything cyber?

In my experience, the answer is fear and uncertainty. Executives, either due to lack of technical understanding or complexities in technological solutions, feel overwhelmed or maybe incapable of addressing cybersecurity issues. However, without management’s buy-in, cybersecurity experts have a tough road ahead of them to protect the organization from threats.

As CISOs and other security leaders, our first task is to simplify the cybersecurity language into something most people understand, including the C-suite and the board.

In Making Business Sense of Technology Risk, where…
