The Security Team at the Top - The Board of Directors

USENIX Enigma Conference via YouTube

Overview

Explore a 21-minute conference talk from USENIX Enigma 2022 that delves into the often-overlooked yet potentially most influential security team in an organization: the board of directors. Gain insights from Anthony Vance of Virginia Tech as he shares findings from in-depth interviews with board directors, CISOs, and senior-level consultants. Discover the challenges CISOs face when engaging with boards, learn strategies for gaining strategic importance in supporting and advising directors, and understand how to help boards realize their potential as a powerful security asset. Uncover valuable tips for CISOs, including negotiating board access, building relationships with stakeholders, and effectively communicating risk in a business context. Examine the importance of speaking the board's language, setting realistic expectations, and leveraging the board's influence to increase C-suite attention and support for security initiatives.

Syllabus

Security Teams
Determine risk tolerance
Most boards lack cybersecurity expertise
Many CISOs don't know how to effectively engage the board
Gartner CISO Coalition
Purpose
In-depth interview field study
The 'CISO' title doesn't grant credibility
Credibility can be built through engagement
Don't wait to be called on
Tips
Negotiate access to the board
Understand what makes each board member tick
Build relationships with stakeholders
COO CIO CEO CFO HHR
Share information with board members
Pre-arm the CEO with information
How to communicate with the board?
Explain risk in context of the business
"They don't care about my vulnerability management project. They really don't." CISO
Don't use fear
Security 101
Set realistic expectations
"The reason they didn't gain that is because they couldn't. They didn't speak the business language. ... They spoke the technical language and it just created a barrier that they couldn't speak at the level of the board and what the board wanted to hear." CISO
The power of the board and CISO working together
Increase attention from C-suite
Back up the CISO
Take-aways
1. The CISO title isn't enough
2. Virtuous cycle of board engagement
Boards can become an immense resource for CISOs

Taught by

USENIX Enigma Conference
