One of the most critical aspects of any Information Security Program is communication and sharing information. This is especially true with Executives and Board of Directors, who need to be educated and informed on all aspects of information security so they can ask better questions and make appropriate decisions. If the top level of the organization better understand the risks and the impact potential, it will help build a stronger information security culture throughout the organization.
So what do you need to report upstream to help the Board and Executives understand your ISP and risk? Let’s dive in.
This presentation will cover the following areas/topics:
- Regulatory requirements for reporting ISP info upstream
- A framework for asking better questions
- What is most important to report upstream?
- How often should you report upstream?
- Setting a culture of security starts at the top
Target Audience: Information security officer, IT manager, risk officer, internal auditor, CIO