The 15-Minute, 7-Slide Security Presentation For Your Board of Directors
Help the board understand why cybersecurity is critical to the business.
When the request comes in to give a cybersecurity presentation to
the board, security leaders should jump at the chance to educate
the executives. However, a lengthy, in-depth presentation is more
likely to leave the board scratching their heads than directing
resources the right way.
The question is what’s the best way to get the message across
without losing the audience.
Key Points
Business Execution: We have some bright spots, but continued remedial work in several areas will enhance business performance.
Material Risks: Our recent acquisition has a minor change on our risk position. All other material risks are stable.
Source: Gartner
Slides 2 - 6: Performance and contribution to business execution
It can be difficult for CISOs to demonstrate how security contributes to business
performance. However, when presenting to the board, it is key to link (implicitly or
explicitly) security and risk to business elements that the board members value.
Whatever version of these slides makes sense for your enterprise will enable you to
highlight metrics and how the security team is contributing to the positive outcome.
However, you should also be prepared to explain potential problem areas and their
implications. Bring more detailed documentation on how each metric was produced for
any board member who asks.
Slides 3 through 6 should discuss how external events will affect security, an assessment
of the existing risk position (this can change depending on acquisitions and other events)
and the entire security strategy.
We will use security to help grow the business
We will be efficient in our security management
We will execute projects on time and on budget
We will manage our suppliers cost-effectively

We will provide a high level of service availability and continuity
Customers will have confidence in our services and facilities
We will comply with all applicable regulations
The right people will have access to the right information

Our tools will be fit for purpose
We will execute change efficiently and reliably
We will embed continuous improvement in our processes
We will maintain our operational risk to within a defined risk appetite

Our people will be fully engaged
Our people will make the right decisions
We will invest in our people and develop their expertise
We will protect our know-how as a competitive advantage
Source: Gartner
Action Plan
Board to note current state
• BAU work programs that uplift business performance will continue.
• Minor actions in response to external changes will be executed as BAU.
• No action is required for minor change in material risk position.
• Security strategy will continue as scheduled.
Regular board update to be delivered during the next half year.
Source: Gartner
© 2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates.