I want to start with a review of “Security & Risk: How to Talk Digital Risk with The Board”. It was written and published by the security software firm RSA, based on research by Gartner.
The article starts well with this:
“The conversation around risk … should not be a negative experience. Understanding uncertainty – both possible positive outcomes and potential negative events – provides clarity in decision making. While there may be major trepidation entering a board meeting to discuss risk, the dialogue is fundamental to survival in today’s market. Fear of obstacles and challenges cannot stop organizations from growing. As strategies are built from top down, risk information presented to boards and executive teams will have a direct impact on a company’s success in seizing opportunities in the market and driving future investment.”
It is encouraging to see statements like this from a software vendor. Rather than the normal view that risk exists to be managed or mitigated, this paragraph recognizes the need to take risk if you are to succeed. The difficulty lies in making informed and intelligent decisions about how much to invest in cyber rather than in other risk management activities or opportunities. Cyber defense has the potential to cripple a business if overdone!
The Gartner research has three…