A case study master class on Reporting Cyber Risk to the Board by Omar Khawaja

  • Published: 28 May 2024
  • Case Study: Reporting to the Board: What Got You Here, Won't Get You There, a presentation by Omar Khawaja, CISO at Highmark Health, at the recent 2018 FAIR Conference at Carnegie Mellon University, was a master class in communicating risk to the board and the business. Omar was this year’s winner of the FAIR Institute’s Business Innovator Award for his ambitious and creative introduction of FAIR to Highmark.
    With cybersecurity now top of mind for corporate boards, Omar’s advice is just in time. Among the tips you’ll hear discussed in this video:
    - Boards trust the word of the National Association of Corporate Directors, so peg your reporting to the five principles of the NACD Director's Handbook on Cyber-Risk Oversight (which are about taking an enterprise-level view of infosecurity).
    - Have the confidence to answer “I don’t know” to board questions but always follow up.
    - Don’t spout a lot of cybersecurity metrics. “The point is to make them feel like it’s being managed… All they need to know ‘Is it getting better or worse?’.” Omar shows a chart with upward trends, including for staff training. “The next question becomes ‘How do we know that’s enough?’” He suggests making a comparison to benchmarks such as the FAIR Maturity Survey, which Jack Jones presented in his keynote conference address.
    - “Align your reporting to your organization’s maturity and culture.”
    - Join at least one board yourself, to see how things look from the other side of a boardroom.

Comments • 6

  • @jackieo7113 7 months ago +4

    Even after 4 years this is still very very relevant! Thank you for posting

  • @brianonesto 4 months ago

    smart man, asking for the questions before starting the presentation is brilliant

  • @Ohiomaprime 1 year ago +2

    Excellent presentation

  • @cameronhay7040 1 year ago +2

    wonderful presentation!

  • @NurdineRajabo 1 year ago +2

    Excellent

  • @SsunSsetSsurfer 4 months ago

    Do you have a link to the NACD white paper?