Author: Denny Dean
Are you worried about your CyberSecurity Risk Profile?
Our 3 step exercise program will get you and your organization Cyber Risk Fit.
- Create a “Findings” List. A finding is an anomaly: something that is “not right”, a deviation from the norm, from defined policies, a company standard, a best practice, etc. Findings are factual and based on evidence. Look for them in audit reports, vulnerability scans, pen test results, control reviews, self-assessments, regulatory exams, etc. Apply a scoring scheme relevant to your business so the findings can be sorted into priority order.
- Establish a “Risk Register”. This is where you predict the future based on available findings, other intelligence, and critical thinking. What bad thing might happen? How bad might it be? How likely is it to actually occur? For example: “Quarterly revenue targets are missed by 25% because normal operations are interrupted by a Ransomware attack”, or “A key government contract is lost because the company was found to be non-compliant with the CyberSecurity terms/conditions/mandates stipulated”. Apply a scoring scheme relevant to your business so the risks can be sorted into priority order, enabling action to be focused on the highest risks.
- Establish a “CyberSecurity Governance Program”. This will include a “CyberSecurity Working Group”, a “CyberSecurity Risk Council”, a standard cadence for each group to collaborate and make decisions, and a workflow that ties project work back to Findings and Risks. The Working Group owns the Findings List. The Council owns the Risk Register. Each must have a chairperson (a leadership sponsor) responsible for ensuring the team functions. Critically, a cyber security advisor is assigned to sherpa the workshops/meetings of both teams, update the List and Register after each, maintain/publish/distribute the Risk Dashboard, advise the teams on governance protocol and guide the development of tactics for reducing Cybersecurity risk.
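To make the scoring and the Findings-to-Risks linkage concrete, here is an added example; it is not code from the original post or from Focus Technology Solutions. It assumes a 1-5 scale for finding severity and for risk impact and likelihood (score = impact x likelihood), and the findings and risks it contains are constructed sample data modelled on the two scenarios above. It sorts both lists into priority order, rejects risks that cite findings not on the Findings List, and reports findings that no risk has claimed yet, which is what the advisor would carry into the next Working Group meeting.

```python
"""Added example (not part of the original post): a minimal Findings List and
Risk Register with a likelihood x impact scoring scheme. The 1-5 scales and all
sample findings and risks below are constructed, not the author's data."""
from dataclasses import dataclass, field


@dataclass
class Finding:
    fid: str
    source: str         # where the evidence came from (audit, scan, pen test, ...)
    description: str
    severity: int       # 1 (low) .. 5 (critical), a business-relevant scale


@dataclass
class Risk:
    rid: str
    scenario: str       # the "bad thing that might happen", stated as a business outcome
    impact: int         # how bad might it be, 1..5
    likelihood: int     # how likely is it to actually occur, 1..5
    finding_ids: list = field(default_factory=list)  # evidence tying the risk to findings

    @property
    def score(self) -> int:
        return self.impact * self.likelihood


def validate_scale(value: int, name: str) -> None:
    """Reject scores outside the agreed 1..5 scale so the register stays comparable."""
    if not 1 <= value <= 5:
        raise ValueError(f"{name} must be 1..5, got {value}")


def prioritize_findings(findings):
    """Findings List in priority order: highest severity first, stable by id."""
    for f in findings:
        validate_scale(f.severity, "severity")
    return sorted(findings, key=lambda f: (-f.severity, f.fid))


def prioritize_risks(risks, findings):
    """Risk Register in priority order; every cited finding must exist on the list."""
    known = {f.fid for f in findings}
    for r in risks:
        validate_scale(r.impact, "impact")
        validate_scale(r.likelihood, "likelihood")
        missing = set(r.finding_ids) - known
        if missing:
            raise ValueError(f"{r.rid} references unknown findings {sorted(missing)}")
    return sorted(risks, key=lambda r: (-r.score, r.rid))


def orphan_findings(findings, risks):
    """Findings not yet tied to any risk: triage work the Working Group still owes."""
    linked = {fid for r in risks for fid in r.finding_ids}
    return [f for f in findings if f.fid not in linked]


def dashboard(findings, risks):
    """A compact summary the advisor could publish after each meeting."""
    return {
        "risks": [(r.rid, r.score, r.finding_ids) for r in prioritize_risks(risks, findings)],
        "findings": [(f.fid, f.severity) for f in prioritize_findings(findings)],
        "unlinked_findings": [f.fid for f in orphan_findings(findings, risks)],
    }


# Constructed sample data (hypothetical, for illustration only).
FINDINGS = [
    Finding("F-1", "vulnerability scan", "Internet-facing VPN appliance missing vendor patches", 5),
    Finding("F-2", "self-assessment", "Backups not restore-tested in the last 12 months", 4),
    Finding("F-3", "control review", "Contract security clauses have no named owner", 3),
    Finding("F-4", "audit report", "Password policy document is out of date", 2),
]
RISKS = [
    Risk("R-1", "Quarterly revenue targets missed by 25% because operations are "
                "interrupted by a ransomware attack", impact=5, likelihood=4,
         finding_ids=["F-1", "F-2"]),
    Risk("R-2", "Key government contract lost because the company is found "
                "non-compliant with its CyberSecurity terms", impact=4, likelihood=2,
         finding_ids=["F-3"]),
]

if __name__ == "__main__":
    for key, rows in dashboard(FINDINGS, RISKS).items():
        print(key, rows)
```

The two validation checks are the part worth keeping in any real register: a score outside the agreed scale silently distorts the priority order, and a risk that cites a finding nobody recorded breaks the workflow that ties project work back to evidence.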
The result is a CyberRisk Dashboard reflecting progress made to achieve the Risk waistline your company feels good about.
To learn more about how Focus Technology Solutions can help establish a risk diet appropriate for your company’s health and CyberSecurity long term fitness, contact us below!