
12 Tips for Communicating Risk to Your Board - Valutrics

Communicating risk posture and assessments to the highest levels of an organization is a demanding and increasingly pivotal responsibility in businesses that rely on IT. In a world of proliferating new threat vectors and information risks, every CIO must be skilled in communicating the value of IT security to the business. By presenting this connection to the board, information chiefs show the role that risk plays in the business and how information risk helps fulfill overall corporate objectives.

It is important to recognize the different cultures of IT and company boards. “IT and the board speak in different terms,” says Chris Caldwell, CEO of LockPath. “A board decision to mitigate a vulnerability might mean to patch it. It might mean to invest in an automatic patch management system. It might mean to replace the system or put safeguards up around it.”

Here are Caldwell’s 12 tips on how CIOs can better communicate risks to the board. His company provides governance, risk management and compliance solutions that focus on how companies can work with the board to better understand the impact of IT risks on their bottom line and growth.