Tenable, a global exposure management company, has formed the Exposure Management Leadership Council to develop and advance principles, best practices, policies, and frameworks for exposure management. The council, composed of Chief Information Security Officers and cybersecurity leaders from various industries, aims to mature exposure management into a widespread proactive security discipline that reduces organizations’ cyber exposure.

The report finds a persistent disconnect in the boardroom that impairs organisations’ ability to effectively manage and mitigate cyber risk during heightened exposure and regulatory scrutiny. The disconnect stems from the security operations metrics that CISOs have historically shared during quarterly board meetings: metrics that fail to accurately capture and communicate an organisation’s actual cyber exposure, primarily because they’re sourced from disparate, siloed security tools.

“Exposure management is a strategic driver of organisational success,” said Bob Huber, Chief Security Officer at Tenable and Chair of the Exposure Management Leadership Council. “Our goal is to shift the conversation from endless technical metrics to a strategic discussion on risk reduction. A standardised exposure management framework would help CISOs pinpoint their organisation’s most pressing exposures and articulate their potential business impact.”

“Exposure management can help CISOs bridge the boardroom communication gap,” said Joanna Burkey, a corporate director, former CISO at HP and Siemens Americas, and Exposure Management Leadership Council member. “While the fundamental objectives of exposure management are proactive breach prevention and risk mitigation, an added benefit is its potential to transform the quarterly cyber update into a strategic discussion that drives action and outcomes.”