"Getting to Grips with Cyber": Information Security Oversight & Governance - for non-specialists
It is not easy to manage something that you are unfamiliar with - and many senior managers, board members, non-executive directors and audit committees often feel that they are managing blindfold when it comes to cyber security. Of course, that's not surprising - it's challenging (to say the least) to have ultimate responsibility for something that you can't see and is shrouded in jargon. That's what RiskCentric specialise in - helping senior management to ask the right questions so that they can understand and manage their organisations cyber security exposure - in terms that they can relate to. Read on or watch the short explainer video above
As a senior exec in your organisation, you'll know the "vital signs" that indicate whether or not performance in particular areas is meeting objectives and whether you are managing risk exposures effectively. You may not know the intricate details of each step in a particular activity - but you do know the "vital signs" that indicate whether something needs your attention. "Getting to Grips with Cyber" - helps you to understand cyber security exposure in that context and provides the required guidance to establish information security oversight & governance approaches that are business orientated and understandable by non-specialists.
The road map to this capability is covered in our program which is tailored to the needs of busy, senior non-specialists who have the ultimate responsibility for risk oversight and governance in their organisation. While board members, their non-executive directors and audit committees do not have to be experts in information security risk management, it's still important to understand what cyber security exposure looks like and whether the organisations cyber security position is giving cause for concern
Board members and business leaders, both executive and non-executive, enhance their ability to understand their organisations cyber security exposure when they can ask the right questions and receive information that provides a clear, business focussed picture of what their organisations cyber security exposure really looks like.
This program is aimed at equipping board members, business leaders and senior professionals who have little or no information security training with the skills and knowledge to interpret, understand and respond to board-relevant cyber security exposures within their organisation.
In "Getting to Grips with Cyber", participants will learn how to recognise cyber security exposure in their organsation via a handful of "vital signs" that pinpoint the organisations intrinsic level of cyber security in a way that non-specialists can easily understand
Who should participate?
Although primarily aimed at Non-Executive Directors and Audit Committee Members, the program is also highly relevant to C-Level executives, senior managers and those who have responsibility for reporting on cyber risk management to the board and its audit committee. Internal audit specialists will also find the information helpful in terms of tailoring the presentation of cyber security exposures to their senior management
How is Getting to Grips With Cyber delivered?
Getting to Grips With Cyber is a pathway to enabling non-specialists to recognise cyber security exposure within their organisation. The first stage is normally a short, structured workshop with those who have ultimate responsibility for risk oversight and governance which shows participants the "vital signs" of cyber security exposure together with a blueprint for a "single page" reporting system. For the vast majority of organisations the capability to implement this blueprint, is already available - no additional software or services are required.
Topics Covered
-
Establishing the “vital signs” of effective information security risk & exposure management
-
Knowing the right questions to ask to understand business exposure to information security risks
-
Obtaining the necessary information & assurances that boards and their audit committees need to understand and ACT on information security exposures
-
The reporting blueprint to enable non-specialists to fully appreciate the organisation’s exposure to information security risks
-
Facilitation of implementation
Outcome
Participating organisations and their management will gain the required knowledge to establish and deploy an effective information risk oversight framework which is aligned to business objectives and which can be understood by non-specialists.
Follow or connect with Steve, RiskCentric's owner & founder via LinkedIn