Last day to get an iPad Air w/ Smart Keyboard or Pixel 4a Smartphone with 5-6 day course registration! View details.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

How to Present Cyber Security Risk to Senior Leadership

  • Thursday, June 25, 2020 at 10:30 AM EDT (2020-06-25 14:30:00 UTC)
  • James Tarala

You can now attend the webcast using your mobile device!



In an age when data breaches are a daily occurrence, senior leadership teams and boards of directors want assurances that their cyber security programs are doing what is required to defend their organization. But at the same time security teams are struggling to quantify risk or find effective strategies for presenting risk to leadership in a way that clearly communicates the reality of the risk an organization is accepting. Even security professionals are struggling to agree how to define or measure risk effectively.

In this presentation, James Tarala will share lessons learned from research into risk management and his experiences communicating about risk to boards of directors and C-Suite leadership teams. He will present specific strategies to consider when measuring risk, communicating risk, and helping security teams realistically setting expectations with business stakeholders. While this topic traditionally has been a nebulous, vague conversation, in this presentation, listeners will learn actionable steps to communicating risk in more effective ways.

Speaker Bio

James Tarala

James Tarala is a principal consultant with Enclave Security based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations to perform security assessments, and communicating enterprise risk to senior leadership teams. He is the author and an instructor for SEC566: Implementing and Auditing the Critical Security Controls, SEC440: Critical Security Controls: Planning, Implementing, and Auditing, and a co-author and instructor for MGT415: A Practical Introduction to Cyber Security Risk Management. Read more about James here.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.