THE CYBERSECURITY RISK MANAGEMENT PROCESS

WORKING WITH LEADERSHIP TEAMS

Helping leadership teams to manage cyber risk and protect shareholder value

While every situation and project is different – we always customise our services to the particular needs of each organisation – there is a natural flow to our projects in those typical cases where we start with a cyber audit or assessment, then move on to remediation, helping to resolve the issues identified in the assessment, and longer-term provide on-going support to senior managment.

For some clients we will just provide one element from one phase, but for others we will stay engaged as they build more mature cyber systems and defences to protect shareholder value.

PHASE 1: ASSESSMENT
High-level cyber maturity assessment – typically 1 month, can be quicker

1.1 Review
We work with you to review current cyber governance and risk management practices. This could involve anything from a half-day Board workshop to an extensive round of interviews and visits and analysis

1.3 Recommend
For the most critical and pressing issues we will recommend sets of remediation actions, and recommend external service providers/partners who can help if/when the company does not have the internal resources to resolve them.

1.2 Identify
We identify the critical risks and priorities – which items require immediate attention and resolution, which urgently need more detailed assessment.

PHASE 2: REMEDIATION
Address priority risks, e.g. – typically 3 months, depends on scope

2.1 Analyse
We will analyse in detail the critical cyber risk and security issues to ensure that you are going to spend your time and resources in the most efficient manner.

2.3 Recruit
If there is an identified need for individuals with higher levels of cyber knowledge to assist the Board – e.g. advising the Risk and Audit Committees – we can recruit suitable people.

2.2 Develop
We work with your 1st and 2nd lines of defence to develop plans and processes to improve your cyber security.

2.4 Train
Where there are gaps in the Board and/or senior management’s cyber understanding and capabilities we can provide training on a 1:1 basis or in groups.

PHASE 3: MANAGEMENT SUPPORT
On-going support & quality control for cyber management

We can with our own resources and those of our partners provide support on a broad range of cyber programmes, from advising to practical delivery.

  • Cyber risk governance

  • Cyber control assurance testing

  • Cyber scenario testing

  • Partner programs

  • Cyber program delivery

  • Penetration testing

  • Code testing

  • Board training (group and/or 1:1)

  • Directors and Officers training

  • Cyber incident planning

  • Cyber incident response

Flexible Advisory Services

We recognise that not every company feels a need to go through a full cyber programme, so we are very flexible and do not expect clients to commit to a complete programme from the beginning. We are happy to a start with an assessment – or even just a Board Workshop – or whichever of our service modules you feel you most need at the present time.