In this Help Net Security interview, Devin Rudnicki, CISO at Fitch Group, argues that security strategy fails when it loses its connection to business outcomes. Rudnicki walks through how to align security goals with corporate priorities, why CISOs must present risk in terms leadership can act on, and how to balance innovation speed with measured risk. She outlines three metrics every security program should track: value, risk, and maturity. Rudnicki also addresses where maturity models … More → The post Stop building security goals around controls appeared first on Help Net Security .