CISO Hot Topic: Communicating to and Influencing CEOs and Boards of Directors: What Works and What to Avoid

  • Webcast Aired Tuesday, 09 Feb 2016 6:00PM EST (09 Feb 2016 23:00 UTC)
  • Speakers: Alan Paller, John Pescatore

With security breaches regularly making headlines in mainstream media, CEOs, boards of directors and agency heads are focusing on cybersecurity and looking for answers from the CISO. As part of a continuing series of 'CISO Hot Topic' sessions, at SANS Scottsdale SANS will present sessions with real world advice and 'What Works' examples for CISOs to learn how to take advantage of opportunities to interact with top management in ways that lead to increases in the effectiveness of the security program.

This briefing can be also be attended in person at our Scottsdale training event. Click here to register to attend in person.

In the Scottsdale area? Join us at the Live Event. Register here
Agenda:
Thursday, November 5, 2015
Time Event
4:00pm - 4:30pm Opening Talk: Kim Jones, Vantive CISO
4:30pm - 5:00pm Creating and Monitoring Business Meaningful Security Metrics

John Pescatore, SANS Director

5:00pm - 5:45pm The Most Important Errors CISOs Make in Briefing Top Executives and Boards, And Four Techniques That Have Worked Well

Alan Paller, SANS Founder and Research Director

5:45pm - 6:30pm Discussion and Networking Reception
Highlight points:
  • Briefing the board of directors is an opportunity to proactively improve the visibility security receives - which can be a good thing or a bad thing. However, it is also an opportunity to make mistakes that hurt a career.
  • In order to take advantage of the opportunity to brief the BoD, CISOs need to understand the expectations board members have when they hear from any C-level corporate executive. SANS discussions with board members shows that all too often there is a big disconnect.
  • Effective communications to the board requires both meaningful data and a communications approach and style that work to actually influence BoD member's discussions and recommendations and to drive the change necessary to make advances in corporate cybersecurity.