Outstanding advice on how to present to the Board. Lance Spitzner, as always, delivers great insights! This is a must read for those who will be influencing the strategic direction of an organization in front of the BOD.
Every slide is spot on, emphasizing the need to be strategic, in business terms, for the caretakers. The one add I would submit is for the presenter to have a long-term plan in their mind on how the cybersecurity capability becomes ‘sustainable’ over time. ie. consistently delivering to the desired level of risk acceptance, remaining cost effective, and adaptable over time as the organization and products change. Talk the journey, not the steps.
Lance Spitzner published his SANS 2018 presentation slides and notes. They can be found here: https://owncloud.sans.org/index.php/s/Y03feX6bS0Dsno4