Articulating Risk to Senior Management: Infosecurity Europe 2015, Keynote Stage
Buy-in from senior management is repeatedly cited as a key driver of effective information risk management. Cyber security is certainly high up on most board agendas following high-profile breaches and pressure from governments and regulatory bodies. However, increasing board awareness doesn’t always translate into effective information security decision-making or support. Information security practitioners continue to state that articulating risk to senior management remains a big challenge. The problem is aggravated by the fact that, even when investment is secured, it is often difficult to demonstrate the return on that investment.
As enterprises become more connected, attackers become more sophisticated, and the likelihood of a breach increases, it has never been more important for information security practitioners to be able to translate risk into the language of the business. During this panel, the speakers shared best-practice advice on how to articulate risk and depict the business value of information security, so that senior management understand the decisions they are being asked to make.
- Understanding the key priorities of senior management and how this should inform communication strategy
- Identifying appropriate risk metrics and KPIs to communicate effectively to senior management
- Discovering how to communicate information security performance to demonstrate ROI
- Gaining practical advice on how to build a case for investment in security and incident response
- Determining how to manage senior management involvement in information security
Business Issues Covered
Deliver security to drive and enable clear business growth. Demonstrate clear thought leadership to ensure security is high on the corporate agenda and capex is justified. Ensure information security projects demonstrate return on investment. Build cyber resilience within your organisation.
David Cass – Senior Vice President & CISO, Elsevier
Mike Pitman – CISO, Head of Information Security, John Lewis
James McKinlay – Head of Information Security, Worldline
Thom Langford – CISO, Publicis Groupe
Peter Wood – Security Advisory Group, ISACA London Chapter