"Value, Revenue and Credibility are at stake. Don't let cyber security become the agenda -- put it on the agenda."
There are so many guides, guidelines and documents available to help the security professional get a sense of what needs to be done and why. The US National Institute of Standards and Technology (NIST) and Department of Homeland Security (DHS) certainly produce some excellent documents. I've also cited our friends over in Europe at ENISA -- the European Network and Information Security Agency -- and some of their guidelines as excellent resources.
This past week I came across a document from the UK GCHQ called Executive Companion -- 10 Steps to Cyber Security. It is a 20-page guide intended to get the attention of CEOs, CFOs and Board Members and to give them a summary sense of the cyber security challenges organizations face every day. As I've quoted from Mr. Lobban's introduction above, the best advice to today's Boards of Directors and CEOs -- in addition to the CIOs and CISOs -- is to get cyber security awareness on the agenda at all levels of the company, including employees, vendors, consultants, shareholders, stakeholders, and other "holders."
Of course, with a title like "10 Steps..." you are probably interested in the digest of the 10 actions to be taken. Page 7 of the Executive Companion includes the graphic below, which gives you a sense of the business steps the organization's leadership should take to "...review...invest where necessary...and to improve security..."