Trends Report

Don't Bore Your Executives — Speak To Them In A Language That They Understand

Seven Critical Executive-Level Metrics For CISOs And The Business

July 18th, 2011
Ed Ferrara
With contributors:
Stephanie Balaouras, Jinan Budge, Christopher McClean, Khalid Kark, Jessica McKee

Summary

The ability to communicate effectively has always been a core competency for any business executive, and today's chief information security officer (CISO) is fast becoming a business executive. The CISO's role is evolving and moving out of IT; its responsibilities and focus are shifting from IT risk to business risk. As with other business executives, the enterprise expects value creation from the CISO. We need a common language for the business and the security organization, and it needs to reflect a communication style that serves the business and the CISO. Program reporting is one important communication method, and formally reporting the value a program contributes to the organization is an important skill. This is especially true when reporting to executives. Adopting the metrics proposed in this report, as part of information security reporting, moves the CISO toward a common language for business.


This report is available for individual purchase ($1495).
