The emerging cyber guidelines and rules from the SEC and National Association of Corporate Directors (NACD) do not present anything new to responsible and conscientious leaders; they merely extend the explicit ethics that have always been required of directors to a new domain of activity in our increasingly risky cyber-connected market. However, we should be motivated to act accordingly because the spirit behind them is the right thing to do to achieve resilience to material threats, maximize competitive capability, and participate as good citizens within an ethical framework of duty of care that is already over a century old.
Nevertheless, CISOs (or those working in that function) need to understand:
- the table stakes for what the emerging guidelines require
- how best to communicate to the C-suite and Board
- what your strategic initiatives are designed to accomplish
- the budget requirements to support them
- the economic effects they present to the enterprise.
In this presentation I will discuss these elements to help you mature your organization toward cyber resilience.
While this discussion is directed to cyber security leaders and professionals, participants from other operational functions can easily extend its contents to any capital budgeting exercise and initiatives executed under uncertainty.
https://2023.riskawarenessweek.com/talks/creating-a-resilient-organization-leading-through-change-and-uncertainty/
About this speaker
Robert has over 25 years of experience in strategic planning and advising, working across startups, government agencies, and Fortune 100 companies. One of the key contributors to the popular cyber risk quantification (CRQ) training series offered through Resilience, Rob spent the last 25 years as a decision scientist and strategic consultant assessing value and risk tradeoffs for complex projects in oil and gas, manufacturing, homeland security, pharmaceuticals, asset allocation, and more. He is the author of Business Case Analysis with R – Simulation Tutorials to Support Complex Business Decisions (Springer-Nature, 2018).
Check out other decision making books
RISK-ACADEMY offers online courses

Informed Risk Taking
Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!

ISO31000 Integrating Risk Management
Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.

Advanced Risk Governance
This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.