ICIT Research

ICIT Certified Content: Making Better Cyber Risk Decisions - Architecting the Choices

Updated: Feb 11, 2023

ICIT Certified Content: This content has been reviewed by ICIT and deemed valuable content for the community. We encourage you to study it and socialize it with your networks. The essay, authored by Malcolm Harkins, ICIT Fellow and Chief Security and Trust Officer, Epiphany Systems, was initially published in the Spring 2022 Issue of United States Cybersecurity Magazine.

In the relentless battle to protect their companies, CISOs must fight on two fronts with two very different adversaries and competing missions – two battlefields in essence. First, there is the external, visible battlefield we hear about every day: the threat actors, malware, vulnerabilities, and the like. The other battlefield is internal and largely invisible: the budgets, bureaucracies, and behaviors within an organization. Navigating this internal battlefield is just as daunting, but it is more critical to the choices that our organizational leadership must make to manage business risks, specifically with respect to how we prioritize investments to prevent, detect, and respond to cyber risk.

Malcolm Harkins’ essay explores how CISOs can become more effective choice architects and data storytellers in order to evoke engaged, emotional responses, properly frame risks and rewards, and lead their organizations along the path of security-conscious decision-making.

