Published by Rosamond Hancock. Modified over 6 years ago.
Cyber Risk Presentation to the Board of Directors

[START ATTACK MAP] There's a technology race on, and it will continue. But technology isn't enough. Directors have to get engaged in governing cyber risk.
Copyright Cybernance Corp. 2016
Contents
About Cybernance Inc.
About Cybernance Platform
Why Cybernance?
Cybersecurity Standards
Scoring
Dimensions & Domains
Controls & Actions
Example Themes to Improve Cyber
Example Board Presentation Outline
About Cybernance Inc.
Founded in early 2015 in Austin, TX as a venture-backed cybergovernance software company.
Led by seasoned security and software executives.
Active customers across most industries, including insurance, energy, healthcare, financial, retail, and non-profit.
Our goal is to form a collaborative bridge between the Board of Directors, executives, managers, and operators across the entire organization.
About Cybernance Platform
Helps key stakeholders address cyber risk in a common language.
Based on the most widely accepted cyber standard (NIST), which was designed to assess, measure, report, and improve a company's cyber resilience.
Tests vendor controls through a risk-based approach to relationship management.
Extends to compliance standards: FFIEC, HIPAA, PCI, ISO, etc.
Assesses cyber controls, identifies current maturity, prioritizes actions, tracks progress, reports to the Board and executives, and compares to peers.
Why Cybernance?
Based on the national gold standard in cyber (NIST Cybersecurity Framework)
Blends strategic and operational concerns
Prioritizes risk management and resilience
Focuses on human aspects: policies, procedures, processes
Promotes collaboration among diverse stakeholders, not just IT and security
Tracks and enables reporting of progress over time
Cybersecurity Standards
The intent of NIST is to create:
A set of common controls applicable to ALL environments
A shared understanding among diverse industries
A common language for key stakeholders across any given organization
NIST is widely regarded as the best.
Standards can be 'mapped' to each other when broken down to their individual components.
Scoring
The national average Cybernance Score (known as the 'CMOM Index') is 302.
The distribution skews to the left (lower scores) with a long tail to the right (higher scores).
Dimensions
Risk Management: Formalized policy/procedures used by risk and security.
Risk Culture: Degree of buy-in from the broader workforce into risk management policies, etc.
Risk Influence: Rigor of applying risk management controls to external relationships including partners, vendors, etc.
Domains
Cybersecurity is more than a technology problem; it involves many others throughout the entire organization. Domains define the responsibilities that align with traditional org charts.
Board: Oversight
CIO/CISO: Tech & Security
Audit: Assurance
Counsel: Compliance
Procurement: Supply Chain
HR: Workforce
CEO: Strategy & Agenda
Controls
GREEN = Implemented. How well or to what degree? Implementations are scored 1-4, aligned with NIST. Helpful in making risk tolerance decisions.
YELLOW = Unimplemented. Not done yet or not done on purpose; both could be reasonable.
GREEN = Unknown. Questions that need to be answered. These should be priority.
Actions
The Cybernance Platform recommends actions based on the following:
Projects and programs to improve risk management and resilience
Resources to help users understand how and why to implement specific programs
Collaborators and enablers who should be involved in the project
Example Themes
Refining inventories of hardware assets with information on dependencies, compliance, SLA. (ACM domain)
Formalizing processes around risk acceptance using defined, documented, universal criteria. (RM domain)
Defining requirements for cybersecurity information sharing programs: policies, standards, key stakeholders. (ISC domain)
Example Board Presentation
Discussion of NIST standard
High level dimensions and domains
CMOM index score
Overview of each domain: what each one is, who owns it, interpretation of score
Actions & Priorities: summary of top-tier (3-5) priorities, discussion regarding how those limit risk