In Part 1 of this series on on delivering meaningful metrics to boards, I talked about the need to discuss security risks in ways that relate to board concerns. In Part 2, Ill explain how to go beyond raw numbers and prioritize risks in a way that boards can understand. The job of CISOs is to provide business teams with the framework and methodology for classifying the value of information, without confusing teams with esoteric cyber-babble. The process helps us understand who is attacking us, what exactly theyre attacking, and how vulnerable our assets are.”]