Inaugural research report from RSA’s Executive Security Action Forum (ESAF) offers rare insight into what top CISOs report to boards

The first in a series of CISO Perspectives research shares candid opinions and tangible examples from great CISOs representing multiple industries on what they report to the board and why
BOSTON, October 12, 2022 /PRNewswire/ — RSA Conference, the world’s leading information security conferences and expos, today released research that offers deep insight into how Fortune 1000 CISOs report to boards of directors for managing cyber risk. Due to the threats present in today’s global landscape, cyber risk is now a priority concern at the executive governance level and above, as it is considered a strategic risk that could have a significant impact on the business.
This unique report is the work of the RSA Conference Executive Security Action Forum (ESAF), a Fortune 1000 CISO community. The research was led by the ESAF Program Committee, a group of 15 CISOs from global companies, including Bayer, Capital One, Cisco, Evernorth (Cigna), HCA Healthcare, Infosys, Leidos, Liberty Mutual, McKesson, Meta Platforms, Procter & Gamble, Sony, Vodafone and Walmart, who highlight priority topics CISOs want to discuss with their peers. RSAC ESAF, an invitation-only community for sharing confidential information, has been meeting regularly behind closed doors for nearly 20 years. For the first time, ESAF is sharing the knowledge of its members with the wider community.
“To be good at their job, a CISO has to be good in front of the board. Even if a CISO is already good in front of the board, they all want to improve. It makes a huge difference in their career,” said Brad Arkin, senior vice president, chief security and trust officer of Cisco and a member of the ESAF program committee. “It’s great research that gives CISOs a lot of ideas.”
The research addresses pressing questions such as how to escalate cyber risks to the board and what actions to share with them to address their concerns and achieve board goals. Boards need visibility into the right information to maintain a legally defensible position that they are exercising effective oversight.
“This RSAC ESAF research was conducted by some of the industry’s leading CISOs, to meet the needs of the broader CISO community,” said Britta Glade, senior director of content and curation for the RSA Conference. “Even the most experienced CISOs are looking for ways to improve their updates. This report shares practical examples they can immediately use.”
Highlights of the report include:
- How CISOs measure the board’s appetite for cyber risk
- Ways to convey the main risks and how they are prioritized
- Views on how to select and present metrics, and which metrics to omit
- Why boards want to see maturity scores
The report includes real examples of board updates such as:
- 8 examples of arranging board updates (table of contents)
- 15 examples of charts, diagrams and metrics dashboards from real presentations and memos
- 30 examples of metrics used in board updates
This report, and a conversation with ESAF Program Committee CISOs Arkin; Emma Smith, Chief Information Security Officer at Vodafone; and JR Williamson, Senior Vice President and Chief Information Security Officer at Leidos, will be the focus of a webcast on October 25, 2022. To register for this event, please click here.
Click here to download a copy of the report.
About RSA Conference
The RSA Conference is the premier year-round learning and global event series for the cybersecurity community. The RSAC is where the security industry converges to discuss current and future concerns and gain access to experts, unbiased content and insights that help individuals and businesses advance their cybersecurity posture and build stronger, smarter teams. Both in person and online, the RSAC brings the cybersecurity industry together and empowers the collective “we” to combat cyber threats around the world. The RSAC is the ultimate marketplace for the latest technology and hands-on training opportunities that help industry professionals discover how to make their businesses safer while showcasing the most enterprising, influential and challenging thinkers and leaders in cybersecurity today. For the latest news regarding the cybersecurity industry, visit www.rsaconference.com. Where the world talks about security.
About RSAC ESAF
The Executive Security Action Forum (ESAF), a community of the RSA Conference (RSAC), has been a trusted forum for Fortune 1000 security leaders since 2003. Led by a program committee, the community shares information during confidential sessions throughout the year and at our RSA Conference, enabling security leaders from some of the world’s largest companies to collaborate and find actionable solutions to common challenges.
SOURCE RSA Conference