PPTX / PDF · Free · Email-gated · 12 slides

CISO Board Deck.
Twelve slides that travel well.

A board deck built around the questions audit committees actually ask — not the metrics dashboards happen to surface. Twelve slides, each with speaker notes, and a one-slide decisions-requested close.

What is inside

A board-ready deck, not a CISO log dump.

  • 12 editable slides (PPTX) plus a PDF render of the reference fill
  • Speaker notes on every slide — what to say, what to skip, what to bring to the appendix
  • Pre-built heat map, NIST CSF posture chart, and incident metrics layout
  • Decisions-requested slide pattern — so the minutes capture what the board actually approved
  • Maps cleanly onto SOC 2 CC2 communication and DPDP Significant Data Fiduciary reporting

Table of contents

All twelve slides at a glance.

  1. Title & meeting context
     Quarter, board cycle, who is presenting, who is in the room, what decisions you are asking the board to make today (named, not implied).

  2. TL;DR — three takeaways
     Three sentences. Posture (improving / steady / degrading), the single highest-risk item, the single largest in-flight investment. Board members read this slide; everything else is appendix.

  3. Risk register top 5
     Top-five inherent risks, residual rating, owner, status delta vs. last quarter. Colour-coded heat map. No more than five — the board will not retain six.

  4. Control posture by domain
     Identify / Protect / Detect / Respond / Recover (NIST CSF style), each rated against the agreed maturity target. Anything red gets a sentence of context.

  5. Incident metrics
     Detection lead time, mean time to contain, mean time to remediate. Quarter-on-quarter trend. One named incident summarised — what triggered, what worked, what didn't.

  6. Pentest & VAPT results
     Engagements this quarter, surfaces tested, critical / high findings opened vs. closed, retest pass rate. Tie at least one finding to a board-visible business risk.

  7. Compliance & audit posture
     SOC 2 / ISO 27001 / PCI / DPDP / RBI / SEBI status. Audit windows on the horizon. Any open findings or qualifications, with target close dates.

  8. Regulatory radar
     New / amended regulations in the next 12 months that materially affect the company. One sentence each, plus owner and proposed response posture.

  9. Threat landscape highlights
     Two or three threat actors / TTP shifts that are sector-relevant. No CVE wall-of-text. The board needs to know which way the threat is moving, not the patch backlog.

  10. Programme spend & headcount
      Run-rate vs. plan, capex commitments, hiring pipeline vs. open roles, attrition. Anything trending off-plan called out explicitly with cause.

  11. 90-day forward plan
      Three to five named workstreams for the next quarter, with owner and exit criterion. The board can hold you accountable to this slide next cycle.

  12. Decisions requested
      Explicit asks: budget approval, risk acceptance sign-off, vendor selection, programme charter. One slide. Each ask numbered for minutes.

Want help filling the deck this quarter?

We run a quarterly board-prep service for CISOs at growth-stage SaaS, BFSI, and regulated firms. Pentest evidence, threat brief, and regulator radar — slotted directly into your existing template.