A case study master class on Reporting Cyber Risk to the Board by Omar Khawaja
Case Study: Reporting to the Board: What Got You Here, Won't Get You There, a presentation by Omar Khawaja, CISO at Highmark Health, at the recent 2018 FAIR Conference at Carnegie Mellon University, was a master class in communicating risk to the board and to the business. Omar was this year’s winner of the FAIR Institute’s Business Innovator Award for his ambitious and creative introduction of FAIR at Highmark.
With cybersecurity now top of mind for corporate boards, Omar’s advice is just in time. Among the tips you’ll hear discussed in this video:
- Boards trust the word of the National Association of Corporate Directors, so peg your reporting to the five principles of the NACD Director's Handbook on Cyber-Risk Oversight (which are about taking an enterprise-level view of information security).
- Have the confidence to answer “I don’t know” to board questions, but always follow up.
- Don’t spout a lot of cybersecurity metrics. “The point is to make them feel like it’s being managed… All they need to know is ‘Is it getting better or worse?’” Omar shows a chart with upward trends, including for staff training. “The next question becomes ‘How do we know that’s enough?’” He suggests comparing against benchmarks such as the FAIR Maturity Survey, which Jack Jones presented in his keynote address at the conference.
- “Align your reporting to your organization’s maturity and culture.”
- Join at least one board yourself, to see how things look from the other side of the boardroom table.
Video: A case study master class on Reporting Cyber Risk to the Board by Omar Khawaja, from the FAIR Institute channel.