Speakers
Synopsis
Many cyber security leaders struggle to communicate the value and progress of their activities to business leaders at an Executive and Board level. How can we effectively communicate what we are doing and why we are doing it to these busy, non-expert, business leaders?
In a tightening economic environment, cyber teams will no longer enjoy the constant budget growth we have been used to for the last decade. In order to keep resources, we are going to have to be able to demonstrate the organizational value of cyber security.
I have supported a number of multi-billion-dollar organisations across a variety of industries to develop cyber security metrics, executive reporting, and board reporting frameworks.
Cyber security metrics are an important way to quantify cyber security maturity without expensive and cumbersome framework assessments. Metrics are not meant to replace framework assessments, but instead provide a month-by-month view of cyber security maturity to organisational leaders.
These reporting frameworks help give organizational leaders better understanding of, and appreciation for, cyber security. The trust built through this reporting has resulted in significant budget increases and project approvals for the security teams in these organisations.
Unlike some other conference talks, this presentation will include practical examples of cyber security metrics, and example slides on how to present information to executives on topics such as incident response, threat intelligence, project updates, and cyber security training and awareness.
Following this presentation, security leaders should have new tools and examples with which to improve their communication with organizational leaders.
