The board and cyber security

There’s another useful article on Forbes. How to talk to the board about cybersecurity is written by an experienced CIO, John Matthews. Here are some useful excerpts with my highlights:

• For technical professionals who increasingly find themselves plucked out of technical operations centers and dropped into boardrooms, learning to speak the language of business is critically important, not just for their jobs and teams, but for the business as a whole. If a CIO can’t effectively communicate budget requirements, or a CISO can’t articulate why the risk outweighs the efficiency that would be gained by rolling out a particular technology, it puts not only technical, but business operations and security, at risk.
• …while security teams increasingly recognize the fact that breach prevention is a losing strategy, oftentimes the board is not quite there yet. Just as security teams are recalibrating their efforts towards detection, mitigation, and resilience, CISOs should encourage the board to look at how the organization is equipped to respond when the inevitable occurs—including how it will recover.
• In the day-to-day of security operations (SecOps) and IT operations (IT Ops), priorities often come into conflict. One is…