Why a Risk Register Helps a CISO Communicate to the Board [11:46]

In this latest edition of An Insider’s Look At Security and Compliance hosted by Evan Schuman, Edgile’s Brian Rizman explains that in order to get board level budget buy-ins, CISOs need to first define the more strategic “whys” behind specific risk mitigation initiatives before focusing on the more technical and product oriented “whats” and “hows.” An accurate and dynamic risk register is critical as it ties back to risk mandates and help guide the “why” when lobbying for security funding.

Key Points

Keeping an accurate and updated risk register can help justify security budget requests.
An outdated or inaccurate risk register can give senior management a reason to cut security spending because the true risks aren’t apparent.
Edgile’s iGRC content library subscription service brings laws, regulations and risk frameworks into a common reporting and measuring mechanism that’s understandable and functional across the enterprise.
iGRC is a relatively small investment considering it lays the risk register foundations that drive security development and deployment.
CISOs need to be part of the conversations around how planned organizational changes may affect future risks.
As CISOs get more board level air time, they need to employ business-focused language that ties back to business value so management can support proper security funding.
Don’t wait for a big breach before taking strategic actions that identify critical risks.

About the speaker

An experienced leader, Brian Rizman has been helping clients through complex technology, strategy and compliance challenges and opportunities for nearly twelve years. His most recent experience was in PwC’s Process, Risk, Controls, Security and Governance national practice, where he was responsible for leading the competency, team, solution strategy, client relationships and sales in the Southern California region.

About the host

Evan Schuman has tracked security and compliance for enterprise IT audiences since the late 1980s, having served as a columnist for Computerworld, eWEEK and CBSNews.com. He has also run editorial operations for IT media outlets tracking payments, retail and general technology issues. Evan lectures on security and compliance topics at Columbia University and New York University graduate schools and moderates webcasts for MIT Sloan Management and VentureBeat.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Client Services

Leadership Team

History

Microsoft >

SailPoint >

ServiceNow >

Microsoft >

SailPoint >

ServiceNow >

Industries

Our View

From the Experts

Newsroom

Client Services

Leadership Team

History

Microsoft >

SailPoint >

ServiceNow >

Microsoft >

SailPoint >

ServiceNow >

Industries

Our View

From the Experts

Newsroom

Why a Risk Register Helps a CISO Communicate to the Board [11:46]

Other ways to listen