Going Beyond the Risk Register: Crafting Compelling Risk Narratives and Gaining Executive Buy-in

OVERVIEW

NOTE: This training is a 2-day (8 hours/day) course from September 5 to 6.

Many cybersecurity organizations struggle to translate technical outcomes into compelling, business-risk-focused narratives for executive and Board-level stakeholders. On Day 1, this training enables cybersecurity and GRC leadership and practitioners to build, measure, and track compelling cybersecurity metrics, to convert metrics into insightful, executive-ready reporting, and to build engagement across their organization. Several common issues will be addressed in this training: incomplete understanding or tracking of cyber risks, silos between cybersecurity and business stakeholders, and lack of integration with broader enterprise risk processes.

With those challenges tackled, Day 2 focuses on the struggle many enterprises have when trying to appropriately gauge the impact of cybersecurity risks on the business, which in turn leads many organizations to devalue cybersecurity as a cost center. In this portion of the training, we’ll discuss tools to align cyber risk to business risk and communicate cybersecurity and GRC program value, thus shifting organizational mindset and facilitating a culture around security.

PREREQUISITES

No formal prerequisites to participate; however, knowledge of your organization’s current cybersecurity or GRC program, any metrics collected, and recent feedback from leadership and/or the Board on program reporting will be helpful. These materials will enable participants to tailor training workshop activities to their specific organizations and leave with actionable outputs.

Presented By

CELINA STEWART

Head of Integrated Risk Management, Neuvik