An Insider’s Look at Security, Identity and Compliance
Edgile
7 episodes
1 week ago
Edgile is the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content. We secure the modern enterprise by developing on-premises and cloud programs that increase business agility and create a competitive advantage for our clients.
Technology
All content for An Insider’s Look at Security, Identity and Compliance is the property of Edgile and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Why a Risk Register Helps a CISO Communicate to the Board
An Insider’s Look at Security, Identity and Compliance
11 minutes 46 seconds
3 years ago

In this latest edition of An Insider’s Look At Security and Compliance hosted by Evan Schuman, Edgile’s Brian Rizman explains that in order to get board-level budget buy-in, CISOs need to first define the more strategic “whys” behind specific risk mitigation initiatives before focusing on the more technical and product-oriented “whats” and “hows.” An accurate and dynamic risk register is critical, as it ties back to risk mandates and helps guide the “why” when lobbying for security funding.

Key Points

  • Keeping an accurate and updated risk register can help justify security budget requests.
  • An outdated or inaccurate risk register can give senior management a reason to cut security spending because the true risks aren’t apparent.
  • Edgile’s iGRC content library subscription service brings laws, regulations and risk frameworks into a common reporting and measuring mechanism that’s understandable and functional across the enterprise.
  • iGRC is a relatively small investment considering it lays the risk register foundations that drive security development and deployment.
  • CISOs need to be part of the conversations around how planned organizational changes may affect future risks.
  • As CISOs get more board-level airtime, they need to employ business-focused language that ties back to business value so management can support proper security funding.
  • Don’t wait for a big breach before taking strategic actions that identify critical risks.


About the Speaker

An experienced leader, Brian Rizman has been helping clients through complex technology, strategy and compliance challenges and opportunities for nearly twelve years. His most recent experience was in PwC’s Process, Risk, Controls, Security and Governance national practice, where he was responsible for leading the competency, team, solution strategy, client relationships and sales in the Southern California region.

About the Host

Evan Schuman has tracked security and compliance for enterprise IT audiences since the late 1980s, having served as a columnist for Computerworld, eWEEK and CBSNews.com. He has also run editorial operations for IT media outlets tracking payments, retail and general technology issues. Evan lectures on security and compliance topics at Columbia University and New York University graduate schools and moderates webcasts for MIT Sloan Management and VentureBeat.
