As the CISO continues to evolve upwards to board level, the aspiration is to set and report on strategy based on a holistic view of risk. However, this comes with issues.
First, there is the danger of spending too much time reporting to a multitude of stakeholders and losing focus on securing the organisation. Second, there is the translation issue involved in trying to present something innately granular, to an audience used to discussing big picture business issues. Too tactical, and it impacts on the ability of security to be seen as a strategic function.
Join a discussion with a group of your peers to exchange views on how to manage reporting to avoid these pitfalls.