4 Questions the Board must ask its CISO what the board must ask instead of “Are we secure?” These four questions are designed to allow a board to understand if the organization is secure and also compare their cybersecurity posture with other companies. A CISO is a subject matter expert and should be expected to understand cyber risk better than anyone else in the business from his or her perspective. This question allows a CISO to highlight key processes that are more relevant to the business rather than complex technology, which can get complex and complex.”]
Source: https://www.cuinfosecurity.com/blogs/4-questions-board-must-ask-its-ciso-p-2218