Presenting well to the board is critical for security operations. It’s frequently the best opportunity to demonstrate value in quantifiable terms and to solidify continued support for the organization’s future initiatives. Yet presenting to the board can also be incredibly stressful. A recent Trustwave study noted, “40 percent of cybersecurity professionals feel the most pressure in relation to their security program either directly before or after a company board meeting.”
A large part of that stress comes from a single issue: how do technically focused security professionals communicate effectively with non-technical board members?
Here are some tips.
First, start with actionable information. The board’s focus on cybersecurity is on protecting the organization. They need to understand how that’s being accomplished, not to hear a synopsis of cybersecurity threats and technology. According to a recent Bay Dynamics study, only 40% of IT and security executives believe that the information they are presenting to the board is actionable. For example, the focus should be on the need to invest in better processes for protecting the organization, or on how support for new compliance or regulatory demands can be deployed with their funding and support.
Second, communicate how you’re responding to threats. Even at the largely nontechnical board level, there’s increasing awareness that hackers are clever and technically skilled, and that given enough time, any organization can and will be breached. Presenting a clear incident response strategy is critical for maintaining board-level support. As Dave Vellante, Chief Research Officer for the Wikibon Project, notes, “Leading CIOs are changing the way they communicate to their boards about cybersecurity by emphasizing response, not infiltration.”
Finally, graphics and dashboards are great communication tools. Graphical information is often easier to grasp and provides more depth than simple text or talking points. Swimlane delivers reports and dashboards that make it easier to prepare for board-level presentations. This includes key performance indicators (KPIs) and real-time ROI calculators that allow you to quantify for the board the value and performance that your security operations is delivering.