Re: Member question re: board presentations on security

[Brian Basgen <brian_basgen () EMERSON EDU>]

Tammy Clark and I wrote an article on this subject to answer this question in January, hopefully it helps!

http://er.educause.edu/articles/2016/1/leading-an-effective-briefing-with-board-executives-about-information-security

Happy to help with any additional questions you have.

--------------
Brian Basgen
Associate Vice President for Information Technology
Emerson College
617-824-8186 | it.emerson.edu | @EmersonIT

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Joanna Grama 
<jgrama () EDUCAUSE EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, December 14, 2016 at 1:31 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Member question re: board presentations on security

Hello,
I received a request from a member today, who wishes to remain anonymous, to ask this group the following question:

What types of information would you provide to your institution’s board in an information security presentation/report? 
 Especially if it were the first-ever information security report to the board?  For context, this was a request to 
present for informational purposes only and not in response to an institutional breach.

For those of you that are veterans of reporting to your institutional boards, what advice do you have to share?

Kind regards,
Joanna


Joanna Grama, JD, CISSP, CRISC, CIPT
Director of Cybersecurity and IT GRC Programs

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | main: 303.449.4430 | jgrama () educause edu<mailto:jgrama () educause edu>