In an exclusive interview with Information Security Media Group, Tim Youngblood says the key is to know that the board's role is "to understand what is the risk to our organization and are we doing the right things to address that risk."
Youngblood says CISOs need to be prepared to clearly explain what the security team is doing. "What they've got to do is translate that into business terms and business outcomes," he says. "What does the risk mean to the business goals? As CISOs we are good at collecting metrics, and that's all great. But if you can't translate what that means to the outcome to the business, it doesn't mean much to the board."
In this interview (see audio link below photo), Youngblood also discusses:
- What information a CISO should bring into a board meeting;
- Mistakes CISOs make when presenting to the board;
- How to prepare for a board presentation by working with other security stakeholders.
Youngblood became corporate vice president and CISO of McDonalds Corp. earlier this month. Previously, Youngblood held CISO positions at Kimberly Clark and Dell Inc.