Defining and communicating cyber strategy Is part of the CISO role. Top down or bottom up, obtaining business buy in is a fundamental step to success. This session looks at research into Organizational Resilience and how it is affected by the tensions between protecting the status quo and being flexible enough to change and adapt. This provides a basis for defining and communicating a cyber strategy to the organization and understanding where change in the security function may take place.