Articulating Risk to Senior Management - Enabling Informed Decision-Making

Explore a panel discussion from InfoSecurity Europe 2015 focused on effectively communicating risk to senior management for informed decision-making. Gain insights from industry leaders as they discuss defining risk levels, implementing risk management frameworks, and developing business acumen. Learn strategies for demonstrating tangible risk reduction, showcasing long-term value, and breaking down security portfolios. Discover the importance of establishing baselines, leveraging operational metrics, and mastering the art of communicating risk to various stakeholders. Engage with expert perspectives on challenges faced in information security and explore practical approaches to enable better risk-informed decisions at the executive level.

Introduction
Defining the level of risk
Risk management frameworks
Leveling risk
Defining risk
We are not special
We are on the curve
Risk register
Business acumen
Change business activities
Customer experience team
Amazon
Debate
Metrics
Two ways we view information security
Question for the audience
The challenge
DDoS protection example
Demonstrating tangible risk reduction
Demonstrating longterm value
Are we getting up to the level
Impact and likelihood
Breaking up portfolios
Longterm security improvement program
Know your baseline
Perimeter defense
Operational metrics
How to boil them up
Communication and marketing risk
Getting the right message to the right people
Question the numbers