Debby Briggs, CISO of NetScout and Arbor Networks, kicked off the first of seven sessions for MassTLC’s first CISO bootcamp series. The session dove deep into Risk Assessment and Ownership, Budget, and Communication, although we spent the greatest amount of time on risk.
Here are the best practices that were discussed during the session:
- The CISO is a senior role and MUST communicate with the senior executives across all company departments.
- The CISO does not own risk; the company owns risk. The CISO assesses, reports, and mitigates risk.
- The CISO should not come from a place of no, but instead continue to report areas of risk and identify how to move forward with the best plan possible.
- The first step in assessing company risk is creating a common vocabulary and rating scale with senior executives.
- Once the risk assessment is complete, measure where your time is being spent and adjust accordingly.
- The risk assessment, together with the CISO's share of focus, will help you determine your budget needs.