clueless board or inarticulate ciso

Post on 24-Jul-2015


TRANSCRIPT

Disclaimer: Views and opinions presented in this talk are entirely my personal opinions only and in no way represent the views, positions or opinions – expressed or implied – of my previous or current employer or anyone else

Clueless Board Or Inarticulate CISO?

Author: Jitender Arora

Date: 10th June 2013

Twitter: @jee2uu

2 @jee2uu: Is The Board Apathetic?

3 @jee2uu: Boards Are Not Clueless, They Are Badly Informed

@Forbes: Boards Are Still Clueless About Cybersecurity

4 @jee2uu: Different angles make us look at things differently

5 @jee2uu: Tough climates call for drastic measures

6 @jee2uu: Why would the board pay if they don’t believe in ROI?

7 @jee2uu: Who is to blame if the board doesn’t get it? What is it that I want? Who is responsible for fulfilling my objectives?

8 @jee2uu: I need to help myself. Nobody else will do it for me

9 @jee2uu: Motivation drives innovation and excellence

10 @jee2uu: We crave recognition and support, i.e. funding

= + Business Outcomes

11 @jee2uu: Spend far too much time communicating scare stories

F(ear) U(ncertainty) D(oubt)

12 @jee2uu: CISOs are seen like airport security staff

13 @jee2uu: Security is about what you make possible

14 @jee2uu: CISO must gain confidence and trust of the board

15 @jee2uu: Metrics go a long way while dealing with Board Members and C-Execs because they get it. But it has to be meaningful

16 @jee2uu: Communication frequency is all about relevance

17 @jee2uu: Getting attention once is easy. Staying on top of the mind is difficult. CISOs need to be persistent

18 @jee2uu: Fear of failure kills innovation. Be ready to take risks

19 @jee2uu: An opportunity to describe returns delivered to the customer

Annual Information Security Report

20 Annual Information Security Report

• Executive Summary
• Information Security Team
• Key Highlights 201X
• Information Security Risks & Exposures
• Key Priorities 201Y i.e. Next Year
• Influencing Factors / Challenges
• Information Security Strategy
• Closing Statement

21

• Business Outcome

Recognition for self and the team

Funding to drive growth

• Building Trust and Credibility Is The Key

Meaningful metrics can go a long way

Delivering results with effective communication. Perception Management is equally important

• Annual Information Security Report

Think differently

Out of sight, Out of mind

Relevant and Meaningful

Finally...

@jee2uu: Motivation drives innovation and excellence

Thank You

My Blog: http://jitenderarora.co.uk

Twitter: @jee2uu

LinkedIn: http://uk.linkedin.com/in/jarora
