# Executive & Board Cyber Briefing Kit

**Audience:** CISO (presenter) + the board, audit committee, and C-suite (audience)
**Format:** 15-minute briefing (with optional 30-min deep dive)
**Cadence:** Quarterly minimum; emergency briefing format included

---

## What this kit is — and what it isn't

**It is:** A polished, opinionated 15-minute board cyber briefing with everything the CISO needs to deliver it without writing it from scratch every quarter. Slides, speaker notes, pre-read, Q&A prep, materiality worksheet, tabletop prompts.

**It isn't:** Generic "cyber awareness for executives" training. The board doesn't need a course; they need a briefing that frames decisions they have to make.

> The CISO is the one taking this training (in the sense of using the kit). The board is the audience. Different design constraint than every other training in the catalog.

---

## What's in the kit

| File | Purpose | Time |
|---|---|---|
| `01-Board-Briefing-Deck.html` | The actual 15-minute deck. Project or share screen. Print as PDF. | 15 min |
| `02-CISO-Speaker-Notes.md` | Slide-by-slide what to say, what to skip, what to elaborate on if asked | 30 min prep |
| `03-Board-Pre-Read-One-Pager.html` | Single-page brief board members read before the meeting | 5 min read |
| `04-Q-And-A-Prep.md` | 24 questions boards actually ask + recommended CISO answers | 30 min prep |
| `05-Quarterly-Refresh-Playbook.md` | How to keep the briefing current; includes SEC 4-day materiality worksheet | 15 min/qtr |
| `06-Tabletop-Discussion-Prompts.md` | 4 scenarios for cyber resilience exercises with the board | 30–60 min |
| `07-Emergency-Briefing-Template.md` | What to do when you need to brief the board within 24 hours of an incident | as needed |

---

## How to use it

### First-time setup (60 min)

1. **Read `02-CISO-Speaker-Notes.md` end-to-end.** The deck is opinionated; if you disagree with any framing, edit it before delivering.
2. **Fill in the brackets.** Anywhere you see `[YOUR COMPANY]`, `[YOUR INDUSTRY]`, `[YOUR TOOLS]`, `[YOUR FRAMEWORK]` — replace with your specifics. This is faster than tokenization because the substitutions are board-specific, not company-wide.
3. **Customize 3 slides** that need company specifics: Risk Posture (slide 4), What's Working (slide 12), Asks (slide 13). The rest is largely universal.
4. **Send the pre-read** (`03-Board-Pre-Read-One-Pager.html`) 48–72 hours before the meeting. Boards skim it on the plane.

### Each quarter (15 min)

Follow `05-Quarterly-Refresh-Playbook.md`. It's a 15-minute checklist that keeps the briefing current without rewriting it.

### Emergency briefing (when an incident hits)

Use `07-Emergency-Briefing-Template.md`. Designed to be filled out in 30 minutes when you need to brief leadership within 24 hours of detecting a material event.

---

## The voice of this kit

Boards are sophisticated audiences. They are NOT served by:

- "Cybersecurity 101" framing
- Acronym soup (CVE, KEV, MITRE ATT&CK; replace with plain English unless the board has a cyber background)
- Apocalyptic framing ("breach = company-ending event")
- False precision ("82.4% of attacks…")

Boards ARE served by:

- Clear decisions framed in business terms
- Honest acknowledgment of what you don't know
- Direct asks (investment, risk acceptances, policy approvals)
- Real cases that are recognizable (Equifax, Target, SolarWinds, MOVEit, Change Healthcare, MGM, Snowflake-customer breaches, the Hong Kong $25M deepfake)
- Outcomes-focused metrics (downtime avoided, real-money risk avoided, regulatory exposure managed)

Read the speaker notes before you decide whether to use this kit. If the voice doesn't match yours, change it.

---

## What's intentionally not in this kit

- **Deep technical content.** This is a briefing, not training. Use the rest of the ForgeAwareness catalog for technical training.
- **Industry-specific compliance details.** Each board's regulatory exposure differs. See `04-Q-And-A-Prep.md` for how to frame the regulatory section to your industry.
- **Numbers from your environment.** Every metric is templated; you fill in the real numbers from your security telemetry. **Do not deliver this briefing with placeholder numbers in it.**

---

## Licensing

Single-organization license. Customize freely. Brand it as the CISO's own deck. Do not redistribute externally. Includes quarterly refresh updates for one year.
