Reference no: EM133499353
Case: As a security leader, you will need to demonstrate the effectiveness of the cybersecurity solutions you employ with respect to each stakeholder's area of expertise. Using key performance indicators (KPIs) provides visibility into your architecture, which you can use to answer performance-related questions when presenting. Executive-level risk reporting will allow you to explain business risks and mitigation strategies in terms your board of directors will understand, ensuring that all parties are aligned.
A 2018 survey of Chief Executive Officers (CEOs) and boards conducted by Deloitte stated, "cyber risk reports often focus on technical details and technological risks. Yet CEOs and board members could benefit from, and be more engaged by, cyber risk reporting and assurance that focus more on business risks and impacts."
Specifically, board members are looking for reports that include:
- Approachable language that does not require board members to be cyber experts
- Quantitative information about cyber risks
- The progress made over time to address an organization's risk
For this assignment, you'll be designing a cybersecurity reporting strategy for an upcoming board meeting. Your Chief Information Security Officer (CISO) asked for your assistance on what they should present to the Board. Also, the presentation should consist of 3 to 5 slides of content based on supplemental research using scholarly resources. You will conduct independent research aligned to this week's course objectives.
At a minimum, your voice-over presentation should answer the following questions. In addition, you should address two to three additional concepts based on your research.
1. Introduction
- What key questions should the CISO ensure they answer with the presentation? Why did you select these?
- Leveraging the KPIs you presented in this week's discussion, how would the CISO relate these to the Board from a business perspective?
- What type of data sources, graphics, or reports do you recommend the CISO leverage to build the presentation? Why?
- What is your recommended rhythm for reporting these metrics in the future?