Member question re: board presentations on security

[Joanna Grama <jgrama () EDUCAUSE EDU>]

Hello,
I received a request from a member today, who wishes to remain anonymous, to ask this group the following question:

What types of information would you provide to your institution's board in an information security presentation/report? 
 Especially if it were the first-ever information security report to the board?  For context, this was a request to 
present for informational purposes only and not in response to an institutional breach.

For those of you that are veterans of reporting to your institutional boards, what advice do you have to share?

Kind regards,
Joanna


Joanna Grama, JD, CISSP, CRISC, CIPT
Director of Cybersecurity and IT GRC Programs

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | main: 303.449.4430 | jgrama () educause edu<mailto:jgrama () educause edu>