The days of cybersecurity being treated as a technology concern have passed us by. Cybersecurity is now and will remain a strategic business risk, if properly managed, can fortify an enterprise to effectively and securely innovate. CISOs and board members wont need to think their organization is safe; they will know it is. The answer seems simple enough: recruit some new subject matter experts who can ask the right questions to serve on the board. Without such a tool, organizations will continue to operate with incomplete or misleading information to decide how to invest in the equipment, training and personnel required to build and maintain effective security programs.”]