CYBER SECURITY ASSURANCE AND GOVERNANCE
I reduce the likelihood and impact of a cyber incident by forming a holistic programme and ensuring it is well governed – business, technology and humans.
* NEW * Download Cyber Security - An Exec Summary: a non-technical summary for senior leaders. I use this to orientate, educate and give cyber security context for Boards and Exec teams.
~ ~ ~
I help business leaders:
- understand their cyber risks arising from external and internal threats to systems and data integrity 
- consolidate their holistic programme from work-in-progress across the organisation; finding the gaps 
- flush out where business and IT efforts are misaligned and link progress or effectiveness
- establish governance for managing, reporting and updating on progress 
- assure delivery by being able to understand and challenge progress 
- build capability and understanding of cyber security so it becomes second nature 
- ‘shift-left’ so they are designing out root causes not just shielding the symptoms 
- reduce their cyber operating budget by all of the above 
~ ~ ~
I use the UK Department of Science, Innovation and Technology’s Cyber Security Governance Code of Practice as the governance baseline. (I was a direct contributor to this.)
I pair this with the National Cyber Security Centre’s Cyber Essentials as the technical controls baseline OR I work with whichever controls framework the client organisation has in place. (I work with NCSC on cyber security communication to Boards and Exec teams.)