Top 3 Questions in the Board Room …

Are there other questions (beyond the ones listed below) that take more precedence, which an Information Security Professional/Leader/Executive needs to be able to answer in the board room? If so, please respond …

1. What is the Revenue to the company?
2. What is the Cost to the company?
3. What are the Risks to the company?

Additionally, thoughts on how these questions can be answered from an information security perspective are welcome.

Ham and Ham Sandwich

While attending the Computerworld 100 Premier IT Leaders conference in March, James Dallas, CIO and SVP of Medtronic Inc., in his keynote address expressed that as a CIO, he is interested in a Ham and Ham sandwich, not a Ham and Egg sandwich in which the chicken is only participating while the pig is taking all the risk.

Extrapolating the idea to risk management within organizations, if we are to liken ‘Ham’ to IT and the Business – what are some proven methodologies that information security professionals and leaders can use to “SHARE the RISK” with the businesses they support, so that the ‘Business’ is not just participating?

Additionally, are there other analogies that reflect a similar scenario?