Abstract

This paper addresses the critical challenge of cyber risk governance faced by executives, security committees and boards of directors in the rapidly changing digital landscape. Cyber security complexity, characterised by data deluges and the translational gap between technical jargon and business risk, significantly hinders effective cyber risk messaging and governance. Drawing on five years of research and interviews with chief information security officers (CISOs), the paper highlights the struggle in establishing trust and confidence in governance bodies due to these complexities. It introduces three constructs that aim to simplify cyber security messaging to enhance cyber risk governance: the intelligence to risk (I2R) pyramid, five risk impacts, and resilience and proximity graph. Each construct, illustrated with practical examples, is designed to provide clarity and foster understanding between cyber security professionals and governance bodies, ensuring a cohesive approach to cyber risk management. Readers can expect to gain valuable insights into overcoming the limitations of traditional risk communication tools such as risk registers. By adopting the presented storytelling approach, the paper promises strategies for building trust through transparency and accountability, bridging the communication gap between technical and executive levels, and facilitating informed decision making for improved governance outcomes in the face of cyber security threats.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Governance of Cyber Security: State of Play
Vincent Mcgrath ... Fan Yu
SSRN Electronic Journal | VOL. -
Vincent Mcgrath, et. al.Vincent Mcgrath ... Fan Yu
01 Jan 2020
The role of the chief information security officer in the management of IT security
Erastus Karanja
Information & Computer Security | VOL. 25
Erastus KaranjaErastus Karanja
10 Jul 2017
"Cyber security is a dark art": The CISO as Soothsayer
Joseph Da Silva ... Rikke Bjerg Jensen
Proceedings of the ACM on Human-Computer Interaction | VOL. 6
Joseph Da Silva, et. al.Joseph Da Silva ... Rikke Bjerg Jensen
07 Nov 2022
Role of Artificial Intelligence based Chat Generative Pre-trained Transformer (ChatGPT) in Cyber Security
S Guru Prasad ... V Ceronmani Sharmila
-
S Guru Prasad, et. al.S Guru Prasad ... V Ceronmani Sharmila
04 May 2023
View more papers

More From: Cyber Security: A Peer-Reviewed Journal

Paper Title
Journal
Date
Author
Editorial
Simon Beckett
Cyber Security: A Peer-Reviewed Journal | VOL. 8
Simon BeckettSimon Beckett
01 Sep 2024
Improving cyber risk governance through storytelling
Levi Gundert
Cyber Security: A Peer-Reviewed Journal | VOL. 8
Levi GundertLevi Gundert
01 Sep 2024
Identifying and classifying cyberattacks on airports
Lázaro Florido-Benítez
Cyber Security: A Peer-Reviewed Journal | VOL. 8
Lázaro Florido-BenítezLázaro Florido-Benítez
01 Sep 2024
AI detection of malicious push notifications in augmented reality in the workplace
Sarah Katz
Cyber Security: A Peer-Reviewed Journal | VOL. 8
Sarah KatzSarah Katz
01 Sep 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.