What questions should CIOs anticipate from their board following critical vendor-related incidents that caused major problems?

COO, 13 days ago
When we experienced an outage at JP Morgan Chase, Jamie Dimon immediately asked, "How do we stop it from happening again?" This straightforward question was followed by a detailed root cause analysis and subsequent inquiries about our protection measures and mitigation strategies. The board's primary concerns were about preventing recurrence and improving response times. These questions are simple yet critical, focusing on prevention and faster resolution.

It’s important to be well-prepared for board meetings, especially during critical incidents. Anticipate their primary concerns, which will likely revolve around prevention and mitigation. Also, leveraging peer networks and resources, like those from Gartner, can provide valuable insights and tools for effective communication. Engaging with knowledgeable board members first can also facilitate smoother discussions with the entire board.

Vice President - Enterprise Platforms & Cybersecurity in Energy and Utilities, 13 days ago
Our board doesn't have much cybersecurity expertise. They are mostly older individuals who don't fully grasp the intricacies of cybersecurity. We provide them with as much information as possible about the risks and impacts. Although they may not fully understand, they do trust us to handle the situation and continue to allocate the necessary resources. It can be frustrating, but the key is to keep them informed and reassured.

CIO in Healthcare and Biotech, 13 days ago
It’s crucial to understand the level of cybersecurity expertise on your board. Ideally, there should be at least one person who is knowledgeable about cybersecurity. In our case, during the SolarWinds incident, we were one of the 18,000 organizations compromised, but we weren't a high-priority target for exploitation. Explaining this to the board can be tricky, especially if they lack cybersecurity knowledge. We found it effective to first discuss the details with the one board member who best understood cybersecurity. She then helped communicate and validate the information to the rest of the board, which made the overall communication smoother.

In general, for boards that may not fully grasp cybersecurity, Gartner offers excellent resources for explaining cyber risk in the context of overall enterprise risk. These resources include ready-to-use slides that can be customized with organizational specifics. This approach helps in translating technical cyber risks into business terms that the board can understand. Even if some board members are not well-versed in cybersecurity, they can still comprehend the concept of enterprise risk, which aids in better communication.
