CISA’s Kolasky: Risk management discussion must go beyond security professionals to private sector decisionmakers

Bob Kolasky, head of CISA’s National Risk Management Center, says enabling effective information sharing and risk tolerance policies will require company executives to take responsibility for developing policy and show a willingness to make changes.

There needs to be ways to “push up the risk conversation to what is the outcome that we are trying to [avoid],” Kolasky said at an ATARC event on Wednesday, making clear that risk tolerance decisions should involve a company’s “board of directors, chief risk...