Dear Colleagues,
I am seeking input on how institutions develop and report cybersecurity metrics to their boards, and how IT audits contribute to this process-whether by generating metrics or validating data. I am particularly interested in the types of metrics reported, the audit work performed, and any challenges encountered in aligning audit findings with board-level reporting. Any shared frameworks, examples, or insights would be appreciated.
Please feel free to respond directly or share any frameworks, templates, or examples you are comfortable providing. Thank you in advance for your time and collaboration.
Best regards,
Dave
------------------------------
Dave White | Sr. IT Audit Manager | California State University
|
dwhite@calstate.edu------------------------------