Decision Making for the Board – Managing Cyber Risks

By Elon Kaplan
Cybersecurity moved from the server room to the boardroom a long time ago. Unfortunately, it took several critical incidents to put BOD members on track – cyber is no longer a technology issue, it’s a business issue.
As in any other complex field, subject experts are required to compile a meaningful consolidation of critical functions and translate them into business terminology.
What are the challenges in addressing this task?
  1. Overabundance of Data – “What does it mean to me?” The cyber landscape is full of data but not enough information. Intelligence, for example, can be accessed with great ease, but actionable information relevant to specific business challenges is hard to obtain.
  2. Complexity of Cybersecurity Management – Assets, Attackers, Products, Standards, Attacks… The jargon is evolving every day. Taking responsibility for resource allocation, risk appetite and the exposure of business-critical processes and information to partners and clients is hardly an easy task.
  3. Get the best out of your existing defenses – Continuous Monitoring of deployment and utilization. What should we do with existing investments in technology, policies and processes? How do we make sure the organization follows operational optimization, leveraging existing resources, rather than following “fashions” and trends?
  4. Rapid Changes in Defensive Technologies – “Where should I put my Cyber Defence Dollars?” The threat landscape changes rapidly; however, business competition changes even faster. How can I confirm that my current security plan addresses our business development needs in the most cost-effective way?
  5. Asymmetry in Cybersecurity War. Simply put – it’s not expensive to deploy ransomware or DDoS and disrupt business operations. The cost of defenses should be measured against hedging techniques such as cyber insurance and impact analysis given current risks. How can we do that?
  6. Dynamic Information Visualization – Focus on What’s Important. Reports are no longer agile enough to meet the information needs of the BOD and C-level executives. We must provide simple, friendly and powerful technology to monitor compliance with risk policy, with automatic alerts.
  7. Be Proactive – Translate Analytical Trend Observations to Operational Directives. Easier said than done. None of us has a crystal ball; however, BOD members are measured on their forward-looking and planning performance. Can we provide them with the infrastructure information to succeed in such a complicated task?
  8. Cyber Financial Resilience – Understand the business & financial impact. The common denominator of business is money. Without a clear translation of cyber risk into monetary terms, BOD members and C-level executives are “faced with a mountain having a teaspoon to remove it”.

 

The challenge often rests on the shoulders of the CISO, with demanding clients such as the BOD, risk committees and CFOs asking tough questions.
Cytegic was founded to address these challenges!
Providing an end-to-end comprehensive solution for Cybersecurity Management, Cytegic provides tailored views with finite-element drill-down capabilities that cater to the needs of BOD members, C-level executives, CISOs and security experts on a single integrated data set. Moreover – automation makes management objective, measured and actionable to address the right business focus.
Elon Kaplan, Ph.D.
President,
Cytegic – Cybersecurity Management Solutions
www.cytegic.com
+972-52-5221170
Come visit us at InfoSec London
Booth #L63, June 7th – 9th
