Why your board doesn't want to hear from you!

Thursday 28 November, 11:05 am - 11:45 am

Speakers

Brendan Smith

CISO / Principal Consultant
Prism Cyber by Cube Networks

Synopsis

Too many security leaders fail to gain meaningful engagement with their boards because their communication styles are incompatible. Boards are frequently uneducated in cybersecurity, don’t connect it with business outcomes and risk, and therefore pay lip service to the quarterly or biannual visit by someone they regard as either the merchant of doom or a benign technologist.

This presentation will focus on how CISOs can balance their two key responsibilities in this regard: educating the board and engaging strongly so that the board will come along on the cybersecurity journey. If a CISO can gain the board’s confidence then they are in a position to present, and have endorsed, their security strategy and program of works.

As CISOs have this vital role to educate, inform and guide boards, the failure to get on the same page means a failure in their ability to do so. Ultimately this means that board members believe that they have done their fiduciary duty, but have they? The issue is not always just with the board, of course - CISOs must also educate themselves to ensure that they are delivering what is really required.

A key focus of this presentation, therefore, is helping everyone to understand the communication requirements for successful board-CISO relationships.

Of course, CISOs have more stakeholders than just the board, and so we will discuss the importance of ELT relationships and the role of the CIO in ensuring that the cybersecurity strategy is integrated into the technology or digital strategy.

Topics we will cover include:

  • The importance of board access for security leaders
  • The CISO’s role as a board and executive educator
  • What boards want to hear, and how - the importance of data-driven information
  • What boards don’t want to hear, which is why security leaders often fail!
  • Crafting a security strategy that will win approval
  • Integrating security and technology strategies, and the role of the CIO
  • Presenting your security strategy - using storytelling principles to bring the board on your journey

As a part of this presentation we will demonstrate a structure for a cybersecurity strategy that can be applied to many organisations with limited modification. We have used this strategy template with a number of boards successfully to gain both understanding of our direction and endorsement of the security program.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
