Misconceptions and knowledge gaps increase this distance between security and oversight. How can boards dive deeper into the world of security and overcome the entry barriers to collaboration? Seeking advice, I reached out to prominent security leaders: Joel Fulton, the former CISO of Splunk; Jeff Trudeau, the CSO of Credit Karma; and Yassir Abousselham, the former CSO of Okta and the newly appointed CISO of Splunk. Here are their tips for board members.

Recognize security as both a business risk and an opportunity

First and foremost, it is imperative for the board to appreciate the impact that information security can have on the business. Boards should treat security as a top business risk as well as a top business opportunity. Major security events can have a significant impact on revenue, brand, and even lead to catastrophic results.

Abousselham elaborates: "In an era where organizations are handling large amounts of sensitive information and governments are actively pushing more stringent privacy laws, data breaches have serious ramifications for the organization, its customers, and partners.”

Know more about the Cyber Security Consultant career path.

Bridge the technical gaps

Contrary to popular belief, security leaders believe that domain expertise is not a prerequisite to making smart security decisions. Instead of focusing on every technical bit and byte, Trudeau suggests the conversation should concentrate on understanding the risks and ensuring they are properly addressed.

Yet, even on a macro level, security concepts might be difficult to fully understand, so a short and dedicated security training for the board can come in handy. It’s also key to remember that it’s not only the board members who may feel like fish out of water. The CISO, too, can get intimidated and might over-rely on the comfort and familiarity of technical details.

Hide Comments | Add Comment