Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Risk Presentation to the Board of Directors

Published byRosamond Hancock Modified over 6 years ago

Similar presentations

Presentation on theme: "Cyber Risk Presentation to the Board of Directors"— Presentation transcript:

1 Cyber Risk Presentation to the Board of Directors
[START ATTACK MAP] There’s a technology race on and it will continue, But technology isn’t enough. Directors have to get engaged in governing cyber risk.

2 Copyright Cybernance Corp. 2016
Contents About Cybernance Inc. About Cybernance Platform Why Cybernance? Cybersecurity Standards Scoring Dimensions & Domains Controls & Actions Example Themes to Improve Cyber Example Board Presentation Outline Copyright Cybernance Corp. 2016

3 Copyright Cybernance Corp. 2016
About Cybernance Inc. Founded in early 2015 in Austin, TX as a venture- backed cybergovernance software company. Led by seasoned security and software executives. Active customers across most industries, namely insurance, energy, healthcare, financial, retail, and non-profit. Our goal is to form a collaborative bridge between Board of Directors, executives, managers, and operators across the entire organization. Copyright Cybernance Corp. 2016

4 About Cybernance Platform
Helps key stakeholders address cyber risk in a common language. Based on the most widely accepted cyber standard (NIST), which was designed to assess, measure, report, and improve a company’s cyber resilience. Tests vendor controls through a risk-based approach to relationship management. Extends to compliance standards – FFIEC, HIPAA, PCI, ISO, etc. Assess cyber controls, identify current maturity, prioritize actions, track progress, report to Board/executives, and compare to peers. Copyright Cybernance Corp. 2016

5 Copyright Cybernance Corp. 2016
Why Cybernance? Based on the National gold standard in cyber (NIST Cybersecurity Framework) Blends strategic and operational concerns Prioritizes risk management and resilience Focuses on human aspects: policies, procedures, processes Promotes collaboration among diverse stakeholders Not just IT and security Tracks and enables reporting progress over time Copyright Cybernance Corp. 2016

6 Cybersecurity Standards
Intent of NIST is to create: A set of common controls applicable to ALL environments A shared understanding among diverse industries A common language for key stakeholders across any given organization NIST is widely regarded as the best Standards can be ‘mapped’ to each other when broken down to their individual components Copyright Cybernance Corp. 2016

7 Copyright Cybernance Corp. 2016
Scoring The national average Cybernance Score (known as the ‘CMOM Index’) is 302 The distribution skews to the left (lower scores) with a long tail to the right (higher scores) Copyright Cybernance Corp. 2016

8 Copyright Cybernance Corp. 2016
Dimensions Risk Management Formalized policy/procedures used by risk and security Risk Culture Degree of buy-in from the broader workforce into risk management policies, etc. Risk Influence Rigor of applying risk management controls to external relationships including partners, vendors, etc. Copyright Cybernance Corp. 2016

9 Copyright Cybernance Corp. 2016
Domains Cybersecurity is more than a technology problem; it involves many others throughout the entire organization. Domains define the responsibilities that align with traditional org charts. Board Oversight CIO/CISO Tech & Security Audit Assurance Counsel Compliance Procurement Supply Chain HR Workforce CEO Strategy & Agenda Copyright Cybernance Corp. 2016

10 Copyright Cybernance Corp. 2016
Controls GREEN = Implemented How well or to what degree? Implementations are scored 1-4 aligned with NIST Helpful in making risk tolerance decisions YELLOW = Unimplemented Not done yet or not done on purpose – both could be reasonable GREEN = Unknown Questions that need to be answered These should be priority Copyright Cybernance Corp. 2016

11 Copyright Cybernance Corp. 2016
Actions The Cybernance Platform recommends actions based on the following: Projects and programs to improve risk management and resilience Resources to help users understand how and why to implement specific programs Collaborators and enablers who should be involved in the project Copyright Cybernance Corp. 2016

12 Copyright Cybernance Corp. 2016
Example Themes Refining inventories of hardware assets with information on dependencies, compliance, SLA. (ACM domain) Formalizing processes around risk acceptance using defined, documented, universal criteria. (RM domain) Defining requirements for cybersecurity information sharing programs: policies, standards, key stakeholders. (ISC domain) Copyright Cybernance Corp. 2016

13 Example Board Presentation
Discussion of NIST standard High level dimensions and domains CMOM index score Overview of each domain What each one is Who owns it Interpretation of score Actions & Priorities Summary of top-tier (3-5) priorities Discussion regarding how those limit risk Copyright Cybernance Corp. 2016

Download ppt "Cyber Risk Presentation to the Board of Directors"

Similar presentations

AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration.

AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration.
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.

6/2/20151 Enterprise Risk & Assurance Management in Zurich North America Brian Selby MA (Audit), FIIA, QiCA, MBCS, CISA.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
The Executive’s Guide to Strategic C H A N G E Leadership.

The Executive’s Guide to Strategic C H A N G E Leadership.
High-Level Assessment Month Year

High-Level Assessment Month Year
Establishing an Effective Enterprise risk management (ERM) program

Establishing an Effective Enterprise risk management (ERM) program
Part One: An Overview of Business Ethics

Part One: An Overview of Business Ethics
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
C H A P T E R 2 Stakeholder Relationships, Social Responsibility, and Corporate Governance.

C H A P T E R 2 Stakeholder Relationships, Social Responsibility, and Corporate Governance.
The Evergreen, Background, Methodology and IT Service Management Model

The Evergreen, Background, Methodology and IT Service Management Model
Continual Service Improvement Process

Continual Service Improvement Process
Security and Privacy Services Cloud computing point of view October 2012.

Security and Privacy Services Cloud computing point of view October 2012.
IT Risk Management, Planning and Mitigation TCOM 5253 / MSIS 4253

IT Risk Management, Planning and Mitigation TCOM 5253 / MSIS 4253
Bruce Hallas Director Marmalade Box Ltd. UK Business Comparison of Information Security Incidents & Financial Impact Corporate UK SME UK 25% ↓ in number.

Bruce Hallas Director Marmalade Box Ltd. UK Business Comparison of Information Security Incidents & Financial Impact Corporate UK SME UK 25% ↓ in number.

Similar presentations

Ads by Google