█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Risk Management and Governance/Security Governance in Practice
40 minAdvanced

Security Governance in Practice

After this lesson, you will be able to: Apply security leadership, budgeting, and risk communication to non-technical stakeholders.

Most security failures aren't technical, they're communication failures. This lesson covers the soft skills: speaking to boards, building budgets, framing for the CFO, and the politics of security ownership.

Prerequisites:Business Continuity and Disaster Recovery

Speaking to executives

They care about: revenue protected, regulatory penalties avoided, customer trust preserved. Translate every risk into one of these. 'CVE-2024-XXXX has a CVSS of 9.8' is not an exec sentence.

💡 Building a security budget

Three buckets: People (50–60%, staff is most expensive), Tools (20–30%), Training & Other (10–20%). Justify against risk register: this control reduces this risk by this much.

Reporting to the board

  1. 1

    1. Risk dashboard (top 5 risks, trend).

  2. 2

    2. Incident summary (count, severity, MTTR).

  3. 3

    3. Budget vs spend.

  4. 4

    4. Initiatives (next quarter's plan).

  5. 5

    5. Industry context (peer benchmarking, news incidents).

The CISO's dilemma

If nothing happens, security looks like overhead. If something happens, security gets blamed. Successful CISOs solve this with continuous communication: regular reports, incident drills, public 'what we did to prevent X' narratives.

Quick Check

Best frame for a $500K SIEM purchase?

Pick.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Business Continuity and Disaster Recovery
Back to Risk Management and Governance
Risk Management Resources and Next Steps→