Never mind sophisticated hackers, advanced attacks or naïve employees, one of the most aggravating and tense job responsibilities facing security professionals is interacting with the board of directors. But for even the most old-school infosec executives, board meetings have become as elemental to their profession as maintaining technology to help defend against the latest strain of ransomware.
If your organization is striving for advanced security maturity, security must be woven into its fabric. To achieve this, security leaders like the CISO should report to a non-IT leader, preferably the CEO, and commit to regular communications with the board of directors.
Learn About Trustwave Risk Assessment Services
But the onus of responsibility doesn't solely fall on you. The board itself should also play an important role by taking security seriously and engaging the CISO in thoughtful dialogue.
Here is a quick list of 10 pointers for establishing a mutually beneficial relationship between you and the board - one through which the entire organization will reap benefits:
In the coming months, we'll have more to share with you around this topic. In the meantime, if you have a specific question, please leave it in the comments and we'll get it answered.
Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.