Reporting on Information Security to the Board: How, What, When, Where, and Why

Providing meaningful status and metrics to the board can be a needle to thread. What do they care about (and what should they care about)? What is the right cadence of updates (manage by exception or keep it in front of them on a regular schedule of updates? And what is the right level of detail, for which metrics?

This Club Captive Eight Executive Roundtable will look at these questions, with the objective of understanding what the experience of our InfoSec and IT executives has been in keeping Boards apprised of the status of information Security in the organization.