CISO Hot Topic: Communicating to and Influencing CEOs and Boards of Directors: What Works and What to Avoid
With security breaches regularly making headlines in mainstream media, CEOs, boards of directors and agency heads are focusing on cybersecurity and looking for answers from the CISO. As part of a continuing series of 'CISO Hot Topic' sessions, at SANS Scottsdale SANS will present sessions with real world advice and 'What Works' examples for CISOs to learn how to take advantage of opportunities to interact with top management in ways that lead to increases in the effectiveness of the security program.
This briefing can be also be attended in person at our Scottsdale training event. Click here to register to attend in person.
In the Scottsdale area? Join us at the Live Event. Register here
Agenda:
Thursday, November 5, 2015
| Time | Event |
|---|---|
| 4:00pm - 4:30pm | Opening Talk: Kim Jones, Vantive CISO |
| 4:30pm - 5:00pm | Creating and Monitoring Business Meaningful Security Metrics John Pescatore, SANS Director |
| 5:00pm - 5:45pm | The Most Important Errors CISOs Make in Briefing Top Executives and Boards, And Four Techniques That Have Worked Well Alan Paller, SANS Founder and Research Director |
| 5:45pm - 6:30pm | Discussion and Networking Reception |
Highlight points:
- Briefing the board of directors is an opportunity to proactively improve the visibility security receives - which can be a good thing or a bad thing. However, it is also an opportunity to make mistakes that hurt a career.
- In order to take advantage of the opportunity to brief the BoD, CISOs need to understand the expectations board members have when they hear from any C-level corporate executive. SANS discussions with board members shows that all too often there is a big disconnect.
- Effective communications to the board requires both meaningful data and a communications approach and style that work to actually influence BoD member's discussions and recommendations and to drive the change necessary to make advances in corporate cybersecurity.
