Communicating Technology Risk to Non-Tech People: Helping Organizations Understand Bad Outcomes presented at SecureWorldTwinCities 2019

by Jack Freund,

Summary : Communicating risk to nontechnical people is difficult. As security professionals, we can recite the threats and vulnerabilities that are impacting our organizations and we often call those risks. This can influence executives sometimes, but often fails to resonate and connect with the decision makers in the way we want . This session will discuss how to translate threats and vulnerabilities into business risks that executives care about. A review of the weaknesses of traditional technology risk assessment methodologies is offered and an introduction to Cyber Risk Quantification (CRQ) is covered. Example risk reporting to the board is also included.