US cybersecurity business Tenable has set up a panel to develop and advance best practices in digital protection.

The Exposure Management Leadership Council’s members include Munich Re senior VP global head of IT risk and security John Schramm and Geico chief information security officer Rick Vadgama.

“Our goal is to shift the conversation from endless technical metrics to a strategic discussion focused on risk reduction,” Tenable chief security officer and council chair Bob Huber said.

“A standardised exposure management framework would help [chief information security officers] pinpoint their organisations’ most pressing exposures and articulate their potential business impact.”

The council’s first report says many information security chiefs struggle to translate the “intricate, jargon-filled world of cybersecurity into a strategic business conversation”, especially in updates to directors. 

“For many chief information security officers …  few agenda items inspire as much dread as the quarterly cybersecurity update … And they know their operational metrics often miss the mark, despite the hours upon hours they spend gathering this data each quarter in preparation for their presentations.

“The persistent boardroom communication gap has given rise to a need for a new framework and language – one that can transform the cyber update into a strategic conversation. Enter, exposure management.”

The report says the objectives of exposure management are breach prevention and cyber risk mitigation.

“It achieves these objectives by showing how threat actors can combine vulnerabilities, misconfigurations and excessive permissions from across your environment into dangerous attack paths that you can then proactively close before attackers can exploit them.

“Knowing you can’t mitigate every risk, exposure management combines business and technical context with threat intelligence to give you a clear picture of your organisation’s most critical ones.”