Click the button above to login and start your scoping exercise to connect for free to this service provider.

How do you start a program like this?

When creating a formal or informal organizational system for decision-making and project management (governance) you need to identify the stakeholders. Stakeholders might include: CMOs, CIOs, third-party vendors etc. It’s also important to educate members on the basics of corporate governance. Having employees understand the what and why behind governance will make the transition easier.

What is the best way to align Business objectives to the cyber security strategy ?

Its more the alignment of security to business objectives? Security supports the business, it’s a means-to-and end.

In your experience, what is the most effective way to drive senior stakeholder support?

Demonstrate risks, potential damage, benefits and efficiencies of running a structured cyber governance programme.

Where do you start on defining key roles and responsibilities?

It’s important to assign the right people to the right spot. Clear, defined roles will lead to less confusion when the model is rolled out.

Choose members from different departments and make sure to include experienced IT staff in each. Executive sponsors and the project management office will play a critical role by explaining the benefits of the new governance model.

Who are the key shareholders to participate in Cyber Risk Management Forums/Groups?

Business owners, CIO’s, Board members, IT executives, project managers.

Where do you start in defining your cyber risks? What the best way to record them and monitor progress.

Establish an asset register of important systems and data. Understand how they are used. Understand what the impact of disruption or data breach would be for the business per system and prioritise as such. Understand GDPR requirements and how they apply to you and your clients data you hold.

Would you recommend any risk management frameworks to match financial/operational or reputational impacts to the risks captured?

ISO 27001 or SOC2 would be a good place to start.

What is the easiest, most effective way to document policies or standards and how do you ensure they are relevant to your organisation?

Adopt an approach similar to ISO27001 is one example. Having a list of controls and associated actions and measures in place similar to a Statement of Applicability (SoA) would be a good start.

What are the key KPI (Key Performance Indicators) at this early stage that can add value?

Inventories of system and data being established and maintained. Regular audits of access control, vulnerability management and attack surface visibility. Monitoring time to remediation and maintaining a risk register would also help keep track of a cyber governance process.

With Cyber-attacks ever evolving, what tactical measures should any company do right now?

Assess access control measures for critical systems and client-facing solutions. Perform regular vulnerability management, patching and maintenance across all public Internet facing and remote access systems.

How are Edgescan helping organisations protect and manage Cyber risk?

Edgescan delivers continuous risk based vulnerability assessment, risk prioritization and support to help our clients ensure they are operating in a robust and resilient environment.

Please note: A nominal fee is requird to complete the scoping exercise through our platform. Customer fee will be refunded in 14 days once featured provider is engaged. You may choose any one of our Cyber Builds ( Scoping Workflows) to qualify for refund.