Commissioned by TechDemocracy
1 Executive Summary
More and more organisations understand that Cyber Risk Governance is a challenge that needs to be addressed on a management level. Cyber security and ...
- Organisations need to get to a full picture of their risk posture.
- Cyber Risk Governance needs to be understood as a critical business management ...
3 Cyber security and cyber governance today
Security threats as well as requirements from compliance and governance have resulted in various tactical efforts for improving individual aspects of ...
3.1 Rising cyber security threats
The detection and prevention of cyber security threats along with adequate responses to them are among the most important activities. With the emergen ...
3.2 Growing legal and regulatory requirements
Companies in the financial services sector were among the first that had to comply with various national, international and sector-specific standards ...
3.3 The organizational reality: Security and governance siloes
The reality in almost any organization reflects the way organizations have developed and grown in the past: many efforts are driven by immediate requirements and actual, imminent threats.
Isolated, tactical efforts for compliance and cyber security have tessellated the digital security risk management landscape in many organisations.
Although we are talking about only a few years, historically different operations teams, IT security teams and cyber governance teams usually focus on individual solutions and products, solving individual problems. This typically happens without adequate integration into a corporate security strategy or a consolidated approach towards communication, the mutual management of risks, the correlation of results, the overall IT security maturity, or the overall risk posture of an organisation.
A cross-system security concept usually ends with the implementation of a SIEM solution, which typically consumes all log data that is collected and is consequently doomed to fail due to a lack of focus relative to the vast amount of data available.
3.4 The vendor perspective
The silo approach, as described in the previous subsection, is a phenomenon that can be rediscovered quite easily also in the product area. Strong an ...
3.5 The state of Cyber Risk Governance
Many organisations will agree that there is room for improvement when it comes to cyber security and cyber risk governance. There are many isolated ef ...
4 Principles of a mature Cyber Risk Governance approach
Well defined and executed Cyber Risk Governance involves and informs all stakeholders. It enables an organisation to effectively oversee and assess cy ...
4.1 Digital Security Risk Management for Economic and Social Prosperity
The OECD (“Organisation for Economic Co-operation and Development”) published “Digital Security Risk Management for Economic and Social Prosperity”, ...
The described principles appear to be very high-level in the first place, but they form the foundation for a consistent and holistic process framework ...
4.2 NIST Cybersecurity Framework
Organisations looking into designing a more practical and actionable strategy towards a comprehensive and holistic cyber risk governance approach, mig ...
The two documents do not necessarily need to be considered as alternatives, but can also be deployed either in parallel or in the order of their menti ...
5 From concept to infrastructure: Cyber Risk Governance platform requirements
Mature Cyber Risk Governance needs to be built upon a strong strategic concept but also requires powerful and flexible tool support. Interoperability, ...
6 Building a Holistic Cyber Risk Governance foundation with TechDemocracy Intellicta
TechDemocracy Intellicta implements Cyber Risk, Security & Governance Assurance thought leadership as a process framework, a product platform, and opt ...
6.1 Framework and platform for the governance fundamentals
TechDemocracy defines a technological platform for the implementation of a comprehensive and holistic Cyber Risk Governance solution. A major building ...
Each segment within this matrix can then be used to identify the individual services related to the given Service category and object of interest. As ...
6.2 Key Concepts
As required in Section 5, the platform covers a variety of regulatory requirements and security standards and is thus able to provide status informati ...