Executive Cybersecurity with Dave Tyson

Easy Cybersecurity Framework for Boards

May 27, 2022 Dave Tyson Season 1 Episode 4
  • By focusing on the crown jewels of the organization and adding robust security intelligence about real threats, the appropriate metrics and measurements can be defined that enable a superior cyber security governance and decision-making framework.
  • In many industry verticals now, good cyber security is considered “table stakes,” but truly focused cyber security excellence is used as a business differentiator for many and can provide competitive business advantage, which drives customer and employee trust.
  • Cyber attacks are a business with typical business goals; understanding and monitoring these trends and changes is instructive for managing cyber security business risk. Measure risk by business unit in your framework.
  • Build security metrics and a performance dashboard based on crown jewels protection and business priorities, not IT activity.
  • Most poor security circumstances are the result of a business decision made either with or without an understanding of the risk. Bring transparency to those business decisions and ensure the risk taken on aligns with executive guidance. Track decision-making performance versus risk over time.
  • Track and measure risk creation and expected mitigation by the leader; align expected risk resource allocation and results to performance pay metrics.
  • Disconnect from the idea that security tools by themselves will solve your problems. You need good processes, policies, communication, and aware employees and contractors to create an environment where security tools can create their value.
  • Security capabilities are created every day that can greatly reduce business cyber risk, but they are rarely implemented because innovation dollars are assigned elsewhere and risk strategy is stuck in traditional thinking. Real expertise can break the logjam.
  • Much of the industry is, not surprisingly, invested in just selling you more... Recognize what this is and ensure your spend decisions are actually reducing risk specific to what matters the most.

