1. Chief Executive Officer
The CEO of a large business typically relies on the chief information security officer for information about the state of the company's security posture. The CEO would generally want to know how information security will impact the overall company performance. Security metrics need to be tied to how they influence the overall company metrics, according to Wong. The CEO often desires an overview of the security posture of various business lines in the organization. Valuable data that appeals to the CEO is comparative security score reporting, Wong says.