Sidebar ...
I've been thinking about this quite a bit, and I'm hoping some of you are too.
Materiality - that's a big word being thrown around in CISO circles and in the press too. What does it have to do with CISOs?
As a CISO you need to answer the question: "Was this incident/breach material to the company?"
What does that really mean?
How do you get the hard data to answer that question?
These are tough things that CISOs haven't had to think about before. But, at the risk of sounding repetitive, be careful what you wish for. CISOs wanted to be corporate officers and executives - and this is the direct result. You have to have knowledge and insights into the company function and investor relevance beyond just the cyber security part of the job.
It's a brave new world... I wonder how many CISOs are equipped with the knowledge and (to be slightly self-serving) the technology to be able to answer truthfully, and fully.