History of controls harmonization is really the history of managing conversations about risk.

Cyber Risk Recap: What could go wrong?


continuous monitoring

Reputation is a cyber target

  • Criminals value information – financial, health, critical infrastructure
  • The pace of technology intensifies and blurs dependencies
  • We can’t trace, never mind control, our data
  • Exfiltration happens
  • The role of government and information custody is flat-out unclear

Cybersecurity Mission: Resilience

  • Know the critical assets and who’s responsible for them
  • Get everyone involved in cyber-resilience (discovery)
  • Assure they have the knowledge and autonomy to make good decisions
  • Be prepared for both unsuccessful AND successful attacks
  • Prevent a cyber attack from throwing the organization into complete chaos

Expectations Mount While 3rd Generation Problems Prevail

  • Expensive cloud engineers taken offline for audit – get vague pushback on design of their work
  • Business is sliding back to relying on spreadsheets
  • Security and IT asking for more resources
  • CSO, CIO, CRO and CAE struggle to supply what’s required for the board