Influencing the Board – A CSO View
Paul Wood MBE
Group Chief Security Officer
18/07/2015 page 1
Agenda
• Some comments for Thought….
• You and Your Credibility
• Getting Face Time – Align to the Business Case
• Thoughts and Considerations – The Reality
• Top Level Buy in and Messaging
Some comments on Information Security Governance
“The complexity and criticality of information security and its governance demand
that it be elevated to the highest organizational levels. As a critical resource,
information must be treated like any other asset essential to the survival and
success of the organization”.
TERRY HANCOCK, CEO, EASY I GROUP
“The rising tide of cyber crime and threats to critical information assets mandate
that boards of directors and senior executives are fully engaged at the
governance level to ensure the security and integrity of those resources”.
SHIRLEY M. HUFSTEDLER, BOARD OF DIRECTORS, HARMAN INTERNATIONAL INDUSTRIES
Source ISACA Document on Information Governance
http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=34997
What do the majority of your senior management
think of when they think Security?
You and Your Credibility
• The position you hold and the way you are viewed within the company will inevitably
impact your influence with the Board and Senior Management Team
• How you network and engage with key stakeholders in all that you do will determine
the way you are judged
• One event or incident that is handled badly will destroy 10 that are handled well – this
will sadly also extend to your team
• Having presence and confidence is essential, understanding your business is vital,
but being pragmatic and realistic is key to your success
• Winning around the skeptics, the influencers, and knowing who has a voice that will
sell your story is where you need to invest your time
• Be honest, be political and yet be prepared to know what to fight for and what to
compromise on
Business Jargon?
• Desired Business Outcomes
• Financial Outcomes
• Transparency
• KPIs
• KRIs
• Value Add
• Risk Reward versus Return
Parlez-vous Business? Don’t think so…
Getting “Face Time” – Align to the Business Case
• Use of Threats and Scare Tactics
• The ‘Regulator’ demands or needs….
• Company A recently experienced – lessons we have learnt
• Risk Reward on Investment Return
• Focus on the Business Driver/ Benefit – Not always monetary
– Aviva wants to be the most trusted insurance and savings provider
– Recognize Me! For who I am – I am not a number!
– Link Privacy to customer retention?
• Ensure and provide transparency
• Articulate the business benefits
• Be sure of your facts, be clear of your ideas, be prepared
Thoughts and Considerations - The Reality
• Be well rehearsed
• Do your prior planning and stakeholder engagement
• Try to put yourself in their shoes
• Expect to be cut short – or face a longer grilling
• Be positive and don’t stray from the points
• Know your subject and your audience
– One of our Non Execs is a Technology Director at Google
– One sits on the audit committee of another financial institution
• Stick to your agenda
• Be ready to be blindsided
• If you’re wrong, admit it!
TOP LEVEL BUY IN – SELLS THE STORY FOR YOU