If Apple had followed the ‘wisdom of the crowds’ in 2006-2007 they’d never have made an iPhone. If smart CISOs paid too much attention to the Information Risk Leadership Council’s latest article they’d be in as much trouble as they purportedly are right now. There is a lot wrong with CISOs that put all their hope and budget in prevention, but the word itself is definitely not the problem. Nor is the solution that CEB IRLC (Executive Board’s Information Risk Leadership Council) advocated - although they just followed the lead by NIST.
It could be just me, but every time there’s a need to present a complex topic to the executives or business leadership (topic for another musing, methinks) I get the typical looks of “oh no, he’s going to get all lectury again”. And it’s true, I prefer to present complex topics as complex, even if the style of presentation makes them approachable. There’s no way to dumb down something that’s complex without also sending the message that sure, they may be leaders of the organisation, people that we entrust to make the right decisions, etc.
"Managers who are isolated from the intelligence customer tend to monitor the quantity of reports produced and level of polish in intelligence products, but not the utility of the intelligence itself." (Jack Davis, The Challenge of Opportunity Analysis)
This sounds equally true if you replace “intelligence” with risk.
I’m reading up on contemporary intelligence as part of my grad course and came across these six intelligence values. So far all I’ve read on intelligence reads very true to information risk management and often risk management as a whole. Have a read, see if the values for intelligence don’t marry neatly with risk management values:
Accuracy: All sources and data must be evaluated for the possibility of technical error, misperception, and hostile efforts to mislead.
Objectivity: All judgments must be evaluated for the possibility of deliberate distortions and manipulations due to self-interest.