Question: How should I answer a nontech exec who asks, "How secure are we?"
Kurtis Minder, CEO of GroupSense: Depending on your relationship with your executive team, it might help to qualify the question first. Secure compared to what? Compared to similar companies of focus and size in the industry? Compared to NIST 171? Compared to PCI DSS? In order to measure something like this, it helps to have a reference baseline. Otherwise the answer is opaque and virtually meaningless. Regardless of the answer, it is important to convey that the threat landscape is fluid and security programs need to be also.