San Francisco CISO Inner Circle

 Enabling a Risk-Smart Culture

Most leaders realize the importance of a robust risk culture, yet the emphasis on risk awareness can reinforce the perception that the goal of risk culture is vigilance in pursuit of risk avoidance. Instead, a risk-smart culture keeps the focus on the pursuit of strategic objectives — framing risk consideration in terms of the impact of decision-making on the likelihood of achieving organizational goals.

Risk-informed decision-making is particularly critical for emerging risks. Because these are more abstract in nature, a direct link to defined business goals is necessary to drive proper action. Security and risk leaders must have a clear and consistent framework to candidly communicate risks across the business.

In this interactive conversation, CISOs will have the opportunity to discuss their role in leading the charge on capturing and communicating risk:

Topic 1: Driving a Risk-Informed Organization

• Who owns the risk strategy at your organization and who is involved in risk conversations? How have you built out risk management guidance at your organization?

• What are strategies you use to articulate and quantify risk for senior leadership?

• How would you describe the current risk culture at your organization?  What is your goal state and what are the obstacles that you have to overcome to achieve that goal?

Topic 2: Navigating Emerging Risks and Threats

• How are you seeking out ways to solicit candid and frank feedback to uncover the areas where emerging risks might result in bigger repercussions?

• What are your strategies to tie risks back to strategic business goals?

• What is your framework for navigating new and emerging threats?