Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
How Should I Answer a Nontech Exec Who Asks, 'How Secure Are We?'
Consider this your opportunity to educate.
Question: How should I answer a nontech exec who asks, "How secure are we?"
Kurtis Minder, CEO of GroupSense: Depending on your relationship with your executive team, it might help to qualify the question first. Secure compared to what? Compared to similar companies of focus and size in the industry? Compared to NIST 171? Compared to PCI DSS? In order to measure something like this, it helps to have a reference baseline. Otherwise the answer is opaque and virtually meaningless. Regardless of the answer, it is important to convey that the threat landscape is fluid and security programs need to be also.
You should also use this type of question as an opportunity to educate. Say to the exec: "Before I answer that question, what's your nightmare? Which systems are you most concerned about being compromised?" Depending on the answer, you can educate the executive on your company's risk profile – what systems are most likely to be attacked, who is most likely to attack them, and what techniques are most likely to be used.
From there, you can then tell the executive everything you've done to mitigate that risk – but that you're never 100% secure because all it takes is for one employee to click on the wrong link in the wrong email, and all your security measures go downhill. Next, you can emphasize how everyone in the company has a responsibility to be cybersafe and keep the company secure – including the executive questioning you.