If you want your information risk program to be taken seriously by the business, you have to do more than just throwing around a few business terms. You need to embrace enterprise risk techniques. See how the engagement changes when you start talking about a product delivery risk instead of a Struts vulnerability. Cyber isn’t your top risk; focusing on the wrong priorities is your top risk.
1: Learn how to integrate into a broader enterprise risk program.
2: Understand techniques from other disciplines that can be used in your cyber-program.
3: Learn to communicate security risks in business context.