As risk practitioners CISOs make risk vs reward decisions on a daily and sometimes hour by hour basis. As a profession we must understand our organizations risk tolerance and appetite as well as our own. Regulations are lagging indicators. SOX was established as a direct response to unethical behavior.  Unfortunately, regulations in cybersecurity and data privacy are also "lagging indicators" that organizations "left to their own device" have failed to allocate sufficient reasonable cost-effective resources to mitigate the significant risk in prudent ways that place the organization in a position to demonstrate both due diligence and due care in a worst case scenario. CISOs must: 1 Understand your organizations risk tolerance and appetite 2 Know your own risk tolerance and appetite as well as your personal code of conduct and ethics. 3 Build and maintain your "rainy day", emergency or as my more colorful colleagues refer, FU funds. 4 Find your calm, peace and happiness. These days, mine is Yoga and Meditation What is yours? 5 To avoid stressful days and sleepless nights, maintain our integrity and sense of humor! Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp111