Does your CISO know the role of the board?

I’ve spent the past week at the Australian Institute of Company Directors (AICD) learning about the ins and outs of being a company director. During the five-day course, a considerable amount of time is spent on the role of the board and on how directors go about fulfilling their obligations.

In listening to the detail, I began thinking about my own experience with boards and audit committees, and about my conversations with industry peers. I am starting to wonder how many security leaders have ever been educated about the role of these governing bodies.

Many security leaders say their board papers go into a black hole. Others say their monologues in board meetings or audit committees end in a deafening silence. Could it be that the problem runs both ways: directors lack enough of a handle on cyber to know what questions to ask, and security leaders lack a handle on the role of the directors?

I’m not suggesting this clarity is a silver bullet that will open up the relationship between security and the board and suddenly make it overwhelmingly effective. What I am saying is that, fundamentally, if each party understands the other’s role, the language, content and relationship between them are far more likely to be aligned.

“In practice, the role of the board includes governing, directing and monitoring an organisation’s business, affairs and operations”. *

I wrote here about the need for CISOs to get in front of boards regularly, so that they are already well known to the board as and when major incidents arise. For that time in front of the board to be effective, and for the invitations to keep coming, the content and the interaction must be of value to the directors.

There’s an opportunity for CIOs who lead security professionals to ensure those professionals are educated to the point where the information they prepare meets the needs of its audience, and when that audience is the board, this couldn’t be more important. In my book, the final chapter addresses the need for continuous development and education of security leaders, both to keep their skills current and to retain them.

When preparing board papers or Committee presentations, are you confident your head of security understands the role of the audience?

*Definition sourced from here
