Information security risks cut across all four areas defined under enterprise risk: strategic, operational, compliance and financial. C-level executives understand this language, whereas they may not understand information security language as well. Simple dashboards can go a long way to communicating risks to the C-suite. The practices of enterprise risk management have been developed since the time of the Trojan horse, so you dont have to reinvent the wheel, he says. The top 10 causes of operational failures in Abkowitzs book include: design flaws (has anyone done dynamic testing of the software); schedule constraints (no time for security testing before go-live) inadequate training (your basic 15 minute annual awareness training)”]
Source: https://www.csoonline.com/article/3092415/dont-be-the-next-humpty-dumpty.html