I stumbled upon a helpful resource for CISOs navigating board communications for the first time. While I'm not a big fan of most NCSC content, this particular piece offers valuable insight to help set expectations if you're new to these kinds of interactions.
In my coaching sessions on board and executive communications with CISOs, I often draw on research by Dr. Anthony Vance at Virginia Tech.
Here are some top recommendations:
"What do we need to know about the Chief Information Security Officer? A literature review and research agenda": https://www.sciencedirect.com/science/article/abs/pii/S0167404824003687
"Taking a Seat at the Table: The Quest for CISO Legitimacy": https://aisel.aisnet.org/icis2022/security/security/14/
"The Security Team at the Top: The Board of Directors": https://www.usenix.org/conference/enigma2022/presentation/vance
For those interested in further exploration, see the NCSC guidance on communicating clearly in board-level cyber discussions: https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly