Talking to the Board About Cyber Risk – A Metrics-based Approach

Presented by

Ariel Evans, CEO, Innosec

About this talk

The rise of attacks resulting in huge business losses have brought cyber security into the board room. Prior to the Target breach, the board of directors was not very interested in cyber security. However, things have changed, and we see more and more CISOs reporting into the CRO, CFO, or CEO and not the CIO. Put simply, if you report into the board more than once or twice a year you have to be speaking their language. Cyber breaches have impactful results. In 2015, Target’s CEO Gregg Steinhafel, a 35-year employee of the company with the last six at the helm, was forced to resign in light of the recent holiday-season credit-card security breach that affected 40 million customers. As a result, we are seeing a major shift in corporate cybersecurity policy. The board of directors is no longer interested in check box compliance. They are understanding their role much better. They are responsible to ensure that cyber controls are in place that protect business assets of the firm in alignment with their risk tolerance.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (1759)
Subscribers (47598)
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.