Conversation

Notices

1. Embed this notice
   Patrick C Miller :donor: (patrickcmiller@infosec.exchange)'s status on Friday, 20-Sep-2024 18:42:02 JST Patrick C Miller :donor:

   Do boards understand their new role in cybersecurity? https://www.cio.com/article/3523667/do-boards-understand-their-new-role-in-cybersecurity.html

   • Embed this notice
     noplasticshower (noplasticshower@infosec.exchange)'s status on Friday, 20-Sep-2024 21:38:37 JST noplasticshower

     in reply to

     @patrickcmiller only if the CISO has been explicitly working on that. In my experience, CISOs are granted only very limited flying in front of the Board. See https://www.garymcgraw.com/wp-content/uploads/2018/01/CISO-2017.pdf

   • Embed this notice
     Patrick C Miller :donor: (patrickcmiller@infosec.exchange)'s status on Sunday, 22-Sep-2024 23:54:13 JST Patrick C Miller :donor:

     in reply to

     • noplasticshower

     @noplasticshower the C in their title is nothing more than a decoration in the eyes of most boards. E.g., most CISO/CSOs don’t get D&O insurance.

   • Embed this notice
     Patrick C Miller :donor: (patrickcmiller@infosec.exchange)'s status on Sunday, 22-Sep-2024 23:58:25 JST Patrick C Miller :donor:

     • Vern McCandlish
     • noplasticshower

     @malanalysis @noplasticshower unfortunately it’s executive theater for many

   • Embed this notice
     noplasticshower (noplasticshower@infosec.exchange)'s status on Monday, 23-Sep-2024 00:06:21 JST noplasticshower

     in reply to

     @patrickcmiller I found that there are four CISO tribes, only one with real executive chops https://www.garymcgraw.com/wp-content/uploads/2018/01/CISO-2017.pdf