Cyber security risks may arise from various cyber-attacks. Managing these cyber security risks involves the development of policies, procedures, and controls. CISOs (Chief Information Security Officers) are responsible for identifying, protecting, detecting, responding to, and recovering these risks. Those activities help ensure that the organization's systems and data are secure.

This speech discusses the philosophy of knowing employees and the necessary skills to implement information security governance from the CISO perspective. CISOs must develop an incident response plan outlining the proper procedures for a security breach or incident. That includes identifying, collecting, examining, analyzing, and preserving the evidence. They should ensure that the organization complies with financial regulatory requirements. CISOs further work closely with other leaders in the organization to ensure that security, convenience, and resiliency are top priorities. 

In conclusion, CISOs must have a comprehensive understanding of cyber security risks and the ability to develop and implement effective strategies. They must also be able to lead incident response efforts to manage or mitigate these risks effectively and efficiently.