Lead your Board from Compliance to Risk-Based Security
To this point, the strongest drivers of security have been government regulation and compliance. But with global security incidents increasingly resulting in tangible business risks (loss of customers, reputations, even business leaders' jobs), is executive management prepared to take a risk-based approach to information security? Do boards of directors adequately understand the criticality of cybersecurity and accept that sustainable security practices must be risk-driven? Why is it important to take a risk-based approach to respond to breaches in a country such as India? The session will detail on:
- How security leaders must prioritize risks -- those which are enablers and those that are simply a cost of doing business?
- How to discuss security threats and controls in terms and context the board understands?
- How to map compliance requirements to risk frameworks?