by Brian Kelly and Scott Kannry, Education Dive
The decentralized nature of educational institutions works well for research and learning, but it creates silos from a risk-management perspective. Before CISOs can do anything — for example, create a comprehensive cybersecurity program or implement controls for regulatory compliance — they must first justify their budget requests to a diverse group of stakeholders that perceive and communicate risk in different ways. This requires quantifying risk in a nomenclature that matters to the risk manager as well as to finance, the board of trustees and the provost. This can be achieved by undergoing the following exercise: