Photo Credit: Purple Slog on Flickr (http://purpleslog.wordpress.com/)

Information security is a complex topic that is often discussed in very technical terms.  It is also a topic that continues to gain traction and focus at a Board of Directors level — in fact, Gartner predicts that:

By 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity.

The Board of Directors is a group that needs to understand the organization’s risk exposure without getting into the technical details.  If you’ve been asked to present to your Board, you know that it can be challenging to balance the need to share the risk without delving into the details.  Gartner recently published a short blog post outlining a 7-slide structure that IT professionals can leverage when presenting to their Board.

  • The structure starts with a quick summary of key points focused on “business execution, strategy, external developments and risk position” to lay the foundation for the rest of the presentation.
  • The next five slides focus on how security controls are performing and how these controls have contributed to business execution.  One of Gartner’s key points here is to share the metrics at a high-level (NO DETAILS in the slides) but bring supporting documentation for each metric in the event you’re asked to provide more detail.
  • Finally, the presentation structure concludes with a concise list of take-aways and action items.  As the presenter, you should highlight the key things that you want the Board to remember from the discussion.

I think that this structure is excellent for guiding these types of discussions and it can also be used as a guide for other discussions with the Board outside of Information Security.


Learn more on the Smarter with Gartner blog.

What techniques have you used to communicate with your Board of Directors?  Have they been successful?