This document outlines a presentation on cyber security for senior management. It includes an agenda, table of contents, and slides on various topics such as analyzing the current cyber security scenario, initiating a cyber risk management program, contingency planning, incident management, and the roles of personnel. The goal is to educate senior leadership on cyber security risks, frameworks, and strategies to optimize the company's cyber security posture.
How To Present Cyber Security To Senior Management Complete Deck
1. How to present Cyber Security to Senior Management
Your Company Name Here
2. Agenda for Cyber Security Management
› Determining roles and responsibilities of senior management and executives who are responsible for risk management
› Presenting an optimized cybersecurity risk framework to senior management and executives
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
3. TABLE OF CONTENTS
01 Analyzing Current Scenario
› Present Concerns Impeding Cybersecurity
› Amount Spent on Cyber Fraud Settlements
› Determining Firm Current Capabilities
› Analyzing IT Department on NIST Cybersecurity Framework
02 Initiating Cyber Risk Management Program
› How Firm will Handle Cybersecurity Risks?
o Optimizing Cybersecurity Framework Roadmap
o Categorization of Cyber Risks
o Risk Assessment Matrix
o Cybersecurity Risk Management Worksheet
o Cybersecurity Risk Management Action Plan
03 Incident Management
› Incident Reporting by Different Cyber Departments
› Timeframe for Incident Management
› Selecting Security Incident Management Software
04 Cybersecurity Contingency Plan
› Business Impact Analysis
› Backup Maintenance
o Selecting Offsite Storage Facility Vendor
o Developing Alternate Sites
o Assessing Different Alternate Sites
o Recovery Budget Planning
› Essential Contingency Plan Strategies
› Critical Business Functions Recovery Priorities
› Vital Records Maintenance Register
› Business Impact Assessment
› Recovery Task List Maintenance
› Cybersecurity Maintenance Checklist
05 Role of Personnel
› Determining Roles and Responsibilities for Risk Handling
› Role of Management in Effective Information Security Governance
06 Cost Associated to Firm
› Budget for Effective Cybersecurity Management
› Staff Training Schedule with Cost
07 Impact Analysis
› Effective Security Management
› Implementing Cybersecurity Framework
08 Dashboard
› Incidents Tracking
› Cyber Risk Management
4. Analyzing Current Scenario
› Present Concerns Impeding Cybersecurity
› Amount Spent on Cyber Fraud Settlements
› Determining Firm Current Capabilities
› Analyzing IT Department on NIST Cybersecurity Framework
5. Present concerns impeding Cybersecurity
This slide portrays information regarding the concerns that currently exist in the organization. It is essential for top-level management to keep a check on existing concerns, as they have a severe impact on the firm's growth in the form of large financial losses and a damaged public image.
[Chart: Reported Financial Losses due to Increase in Cybercrimes. Series: Financial Losses ('000$) and Cybercrime Incidents, plotted for Q1 to Q4.]
Key Takeaways
› There is an increase in the number of cybercrime incidents and in financial losses from Q1 to Q4
› Cybercrime incidents consist of IP or sensitive data theft
[Chart: Data Breaches and Records Exposed. Series: Data Breaches and Records Exposed (in Millions), plotted for FY 2018 to FY 2020.]
Key Takeaways
› The firm is observing a rise in data breach incidents
› The risk that millions of records containing confidential and sensitive information get exposed has also increased with breach incidents
› Failure to notify breaches on time leads to breach incidents
This graph/chart is linked to excel, and changes automatically based on data. Just left click on it and select "Edit Data".
6. Amount spent on Cyber Fraud Settlements
This slide portrays information regarding the amount spent by the firm in settling cases of cybersecurity failures, which not only count as financial losses but also damage the firm's public image.
                          2017       2018        2019         2020         Total
Settlements               5          15          17           20           57
Amount                    $750,000   $2,520,000  $18,540,000  $27,500,000  $49,310,000
Average (per settlement)  $150,000   $168,000    $1,090,588   $1,375,000   $2,783,588
7. Determining firm current Capabilities
This slide portrays information regarding the assessment of the current cybersecurity framework against certain standards. Each function is rated on a maturity scale of Minimum Standard, Evolving Strength and Best in Class.
Function | Description | Key Enablers
Identify | Assessing cybersecurity risk and its impact on firm and employees | Asset Management; Governance
Protect | Safeguarding critical infrastructure service delivery | Data Security; Access Control
Detect | Event occurrence identification | Threat Intelligence; Continuous Monitoring
Response | Appropriate action to detected cybersecurity event | Communication; Response Planning
Recovery | Recovering capabilities impaired by cybersecurity event | Incident recovery
8. Analyzing IT Department on NIST Cybersecurity Framework
This slide portrays information regarding how the firm will analyze its current cybersecurity framework. It will assess the framework on certain crucial parameters.
Note – The current cybersecurity framework will be judged on the parameters mentioned below
› Identify – Asset management, governance
› Protect – Data security
› Detect – Threat intelligence
› Respond – Incident response planning
› Recover – Incident recovery
[Chart: Performance on NIST Core Functions (Identify, Protect, Detect, Respond, Recover), 0% to 100%, broken down into Met, Partially Met and Not Met.]
*NIST – National Institute of Standards and Technology
9. Initiating Cyber Risk Management Program
› How Firm will Handle Cybersecurity Risks?
o Optimizing Cybersecurity Framework Roadmap
o Categorization of Cyber Risks
o Risk Assessment Matrix
o Cybersecurity Risk Management Worksheet
o Cybersecurity Risk Management Action Plan
10. Optimizing Cybersecurity Framework Roadmap
This slide portrays information regarding the optimization of the current cybersecurity framework. The IT department will be required to complete crucial activities within specific timeframes.
Timeframes: Immediate (0-6 Months) | Short Term (3-12 Months) | Long Term (12+ Months)
Roadmap activities (scheduled across the three timeframes):
› Governance strategy planning
› Skills development planning and training
› Network upgradation
› Logging & monitoring
› Handling threats
› Implement enterprise security program
› Implement control environment
› Implement security processes
› Incident response plan
› Record management
› Platform upgradation
› Patch management
› Security assessment & maintenance
› Testing of incident response plan
› Risk management
11. Categorization of Cyber Risks
This slide provides information regarding the various cyber risks that the firm might face. These risks are grouped into categories such as low, medium, high, severe and extreme. The categorization is based on parameters such as financial impact and extent of damage.
Low Risk
› Negligible financial impact
› No damage to business image and business operations
› No regulatory, contractual or statutory requirement violations
Medium Risk
› Financial impact between $5K and $50K
› No damage to business image and business operations
› Hindrance to business supporting and business core functions
› Violation of contractual requirements
High Risk
› Impact on firm's reputation
› Hindrance to business essential systems and operations
› Regulatory, contractual or statutory requirement violations
› Negative impact on firm's stock price
Severe Risk
› Significant impact on firm's reputation
› Hindrance to mission critical systems and business operations
› Moderate impact on firm's stock price
Extreme Risk
› Huge damage to firm's reputation
› Negative impact on firm's long-term competitive positioning
› Potential physical harm or fatality
› Significant impact on firm's stock price
12. Risk Assessment Matrix
The risk assessment matrix is an effective tool that helps in evaluating cyber risk by weighing the probability of a risk occurring against the severity of its potential impact. Risk 1 to Risk 4 are plotted in the matrix cells.
Severity:
› Insignificant (<$100,000)
› Minor ($100,000 - $500,000)
› Significant ($500,000 - $1MM)
› Serious ($1MM - $10MM)
› Catastrophic (>$10MM)
Likelihood:
› Extremely Unlikely (1/30 years)
› Unlikely (1/year)
› 50/50 chance
› Likely (3/year)
› Very Likely (30/year)
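As an added example (not part of the template), the matrix tiers above are turned into an annualised loss band per risk, which is the number a budget discussion needs. The two sample risks are the filled rows of the slide-13 worksheet; the 2/year rate assumed for "50/50 chance" and the ranking rule are this example's own assumptions.

```python
"""Quantifying the slide-12 risk assessment matrix as annualised loss bands.

Likelihood and severity tiers are the ones printed on the slide. The two
sample risks are the rows of the slide-13 worksheet (constructed input).
The loss-band arithmetic, ranking and grid placement are this example's
own approach, not the template's.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Likelihood tier -> expected occurrences per year, from the slide's labels.
# "50/50 chance" carries no rate on the slide; 2.0/year is an assumption that
# keeps it between "Unlikely" (1/year) and "Likely" (3/year), as the slide orders them.
LIKELIHOOD_PER_YEAR: dict[str, float] = {
    "Extremely Unlikely": 1 / 30,
    "Unlikely": 1.0,
    "50/50 chance": 2.0,
    "Likely": 3.0,
    "Very Likely": 30.0,
}

# Severity tier -> (low, high) single-loss band in dollars; None marks an open end.
SEVERITY_BAND: dict[str, tuple[float, Optional[float]]] = {
    "Insignificant": (0.0, 100_000.0),
    "Minor": (100_000.0, 500_000.0),
    "Significant": (500_000.0, 1_000_000.0),
    "Serious": (1_000_000.0, 10_000_000.0),
    "Catastrophic": (10_000_000.0, None),
}


@dataclass(frozen=True)
class RiskEntry:
    """One worksheet row: the fields slide 13 records for each identified risk."""
    name: str
    likelihood: str
    severity: str
    treatment: str


def annual_loss_range(likelihood: str, severity: str) -> tuple[float, Optional[float]]:
    """Annualised loss expectancy band: occurrences per year x single-loss band.

    Raises ValueError for a tier that is not on the matrix, so a typo in the
    worksheet cannot silently land a risk in the wrong cell.
    """
    if likelihood not in LIKELIHOOD_PER_YEAR:
        raise ValueError(f"unknown likelihood tier: {likelihood!r}")
    if severity not in SEVERITY_BAND:
        raise ValueError(f"unknown severity tier: {severity!r}")
    rate = LIKELIHOOD_PER_YEAR[likelihood]
    low, high = SEVERITY_BAND[severity]
    return rate * low, (None if high is None else rate * high)


def rank_risks(entries: list[RiskEntry]) -> list[RiskEntry]:
    """Most severe first: an open-ended (Catastrophic) band outranks any finite upper bound."""
    def sort_key(entry: RiskEntry) -> tuple[int, float]:
        _, high = annual_loss_range(entry.likelihood, entry.severity)
        return (0, 0.0) if high is None else (1, -high)
    return sorted(entries, key=sort_key)


def place_in_matrix(entries: list[RiskEntry]) -> dict[tuple[str, str], list[str]]:
    """Group risk names by (likelihood, severity) cell, i.e. where the slide plots them."""
    grid: dict[tuple[str, str], list[str]] = {}
    for entry in entries:
        annual_loss_range(entry.likelihood, entry.severity)  # validates both tiers
        grid.setdefault((entry.likelihood, entry.severity), []).append(entry.name)
    return grid


def fmt_range(band: tuple[float, Optional[float]]) -> str:
    """Render a loss band for a management slide, e.g. '$1,000,000 - $10,000,000/yr'."""
    low, high = band
    return f"${low:,.0f}/yr and up" if high is None else f"${low:,.0f} - ${high:,.0f}/yr"


# Constructed sample input: the two filled rows of the slide-13 worksheet.
WORKSHEET: list[RiskEntry] = [
    RiskEntry("Security Breach", "Unlikely", "Serious", "Transfer"),
    RiskEntry("Task errors", "Likely", "Serious", "Accept"),
]

if __name__ == "__main__":
    for entry in rank_risks(WORKSHEET):
        band = annual_loss_range(entry.likelihood, entry.severity)
        print(f"{entry.name:16} {entry.likelihood:10} {entry.severity:8} "
              f"{fmt_range(band):32} treatment={entry.treatment}")
    for cell, names in place_in_matrix(WORKSHEET).items():
        print(cell, "->", ", ".join(names))
```

Note that "Task errors" (Likely, Serious) ranks above "Security Breach" (Unlikely, Serious) on annualised loss even though the worksheet treats it with Accept; the ranking makes that trade-off visible to the board.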
13. Cybersecurity Risk Management worksheet
The risk management worksheet will help in keeping track of the various cybersecurity related issues (concerns) that exist in the firm. The firm will take effective measures against these risks through control measures.
Risk Priority (1-5) | Identified Risk | Risk Likelihood | Risk Severity | Implement Controls | Risk Treatment | Responsible Person
1 | Security Breach | Unlikely | Serious | Cyber security contingency plan | Transfer | Add text here
2 | Task errors | Likely | Serious | Add text here | Accept | Add text here
14. Cybersecurity Risk Management Action Plan (1/2)
The risk management action plan will help in keeping track of existing potential risks, their level and the resources required to handle them. The person responsible for handling the risk will keep track of the risk resolution duration and will check whether the risk has been treated or not.
Columns: Potential Risk | Risk Level | Reason for Risk Rating | Action | Required Resources | Responsible Person | Duration | Communication | Risk Treated | Review Date
Potential Risk: Security Breach
Risk Level: High
Reason for Risk Rating: Confidential information security at risk
Action: Cyber security contingency plan – root cause analysis and protective measures
Required Resources: Data backup team and plan; Emergency mode operation plan
Responsible Person: Cyber Security Officer; Board – to endorse and approve
Duration: 15 days (due for completion on 4 Nov. 2020)
Communication: Cyber incident recovery coordination through meetings
Risk Treated: No
Review Date: 4 Nov 2020
15. Cybersecurity Management Action Plan (2/2)
The risk management action plan will help in keeping track of the various potential risks that exist in the firm. The person responsible for handling the risk will keep track of the duration in which the risk is resolved.
Risk Identification: Event | Action
Risk Treatment: Plan | Risk Owner | Resolve Date
Failure in collecting receivables in a timely manner | Reduce | Implement receivables tracking and follow-up process | Office Manager | 21 Nov 2020
Failure to meet compliance obligations | Avoid | Develop and implement compliance monitoring process | Add text here | 12 Dec 2020
16. Incident Management
› Incident Reporting by Different Cyber Departments
› Timeframe for Incident Management
› Selecting Security Incident Management Software
17. Incident Reporting by Different Cyber Departments
This slide will help in providing an overview of the reported incidents, the average cost per incident and the number of people involved in the incidents across different cyber departments.
Description | Department A | Department B | Department C | Department D
Number of incidents | 2 | 3 | 4 | 6
Persons involved in the incident | 1 | 2 | 1 | 3
Average Cost per Incident | $20,000 | $150,000 | $150,000 | $700,000
18. Timeframe for Incident Management
This slide provides information regarding the entire duration of the incident handling process, which occurs in several phases.
Phase | Description | Working Hours
Incident logging | Through emails, phone calls, SMS, live chat messages | 30 mins
Ticket creation | Incident; Service request | 30 mins
Incident categorization | High; Medium; Low | 30 mins
Incident prioritization | Critical; High; Medium; Low | 30 mins
Incident resolution | Add text here | 30 mins
Incident closure | Add text here | 30 mins
19. Selecting Security Incident Management Software
This slide will help the firm in choosing suitable automated incident management software to handle existing security and privacy issues and predict upcoming incidents. The firm will choose effective software with features such as automated workflows, a centralized platform, etc.
Features and their description:
› Security Incident Forms: Customized form for relevant information regarding issues such as phishing or attack
› Automated workflows: Notify customers or employees during breach
› Centralized platform: Compilation of relevant information to handle future incidents
› Access Rights: Customize ownership to handle sensitive information
› API integration: Issue prioritizing and tracking by merging security scan results
› Information security prevention: Aligning business continuity plan to industry standards
Software | Security Incident Forms | Automated workflows | Centralized platform | Access Rights | API integration | Information security prevention | Cost
Software 1 | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | $11,000
Software 2 | X | ✔ | X | X | ✔ | X | $12,500
Software 3 | ✔ | ✔ | ✔ | X | X | ✔ | $15,000
Software 4 | ✔ | ✔ | ✔ | ✔ | X | ✔ | $18,000
Software 5 | ✔ | ✔ | ✔ | ✔ | X | ✔ | $19,500
20. Cybersecurity Contingency Plan
› Business Impact Analysis
› Backup Maintenance
o Selecting Offsite Storage Facility Vendor
o Developing Alternate Sites
o Assessing Different Alternate Sites
o Recovery Budget Planning
› Essential Contingency Plan Strategies
› Critical Business Functions Recovery Priorities
› Vital Records Maintenance Register
› Business Impact Assessment
› Recovery Task List Maintenance
› Cybersecurity Maintenance Checklist
21. Cybersecurity Contingency Plan – Business Impact Analysis
This slide portrays information about IT system functions and the resources required to perform them. It will also determine the maximum allowable outage time and recovery priorities.
Step 1 – Determining vital IT resources
Business Processes | Vital Resources
Payroll process | LAN servers
Attendance & time reporting | Email servers
Add text here | WAN access
Add text here | Mainframe access
Step 2 – Determining issue impacts and acceptable outage time
Vital Resources | Max. allowable outage time | Impact
LAN servers | 9 Hr | Delay in payroll process; Not able to perform regular payroll operations
Database servers | 6 Hr | No access to inventory system
WAN access | XX Hr | Add text here
Mainframe access | XX Hr | Add text here
Step 3 – Assign recovery priorities
Vital Resources | Recovery priorities
LAN servers | High
Email servers | Low
WAN access | Medium
Mainframe access | High
22. Backup Maintenance – Selecting Offsite Storage Facility Vendor
This slide portrays information about how the firm will maintain its backups. It will select an appropriate vendor facility by assessing various vendors on parameters such as geographic location, accessibility, security, environment and cost.
Geographic location
› Distance from organization
Accessibility
› Time required for data retrieval from storage facilities
Security
› Employees' confidentiality
› Security capabilities meeting data sensitivity & security requirements
Environment
› Structural conditions of the storage facility, such as temperature, humidity and power management controls
Cost
› Operational fees
› Disaster recovery services
23. Backup Maintenance - Developing Alternate Sites
The contingency plan consists of building an alternate site in order to perform system operations. The firm can build its own alternate site or acquire a site on commercial lease.
01. Cold Sites
› Facility with adequate infrastructure and space for IT system support
› Infrastructure facility – electricity, wired connections
› No IT equipment available
02. Hot Sites
› Office spaces with necessary hardware, supporting infrastructure and staff
› Staff at hot site are available 24x7
03. Warm Sites
› Partially equipped office space with some hardware, software and wired connection equipment
› Normal operational facility for another system during a contingency plan activation event
04. Mobile Site
› Customized, transportable shells with essential IT and wired connection equipment
05. Mirrored Site
› Facilities with real-time information mirroring in all technical aspects
› Identical to primary site
› Sites are organized, designed, built, and operated by the organization
24. Backup Maintenance – Assessing Different Alternate Sites
This slide portrays information about how the firm will assess different alternate sites on parameters such as implementation cost, hardware and telecommunication connection requirements, setup time and location.
Site | Implementation cost | Hardware equipment requirement | Telecommunication connection requirement | Time to setup | Location
Cold Sites | Low | None | None | Long | Fixed
Warm Sites | Medium | Partial | Partial/Full | Medium | Fixed
Hot Sites | Medium/High | Full | Full | Short | Fixed
Mobile Site | High | Dependent | Dependent | Dependent | Not Fixed
Mirrored Site | High | Full | Full | None | Fixed
25. Backup Maintenance – Recovery Budget Planning
The firm requires sufficient financial resources for effective contingency plan implementation. The top-level executives need to allot budget to cover costs associated with vendors, hardware, software, shipping, testing and supplies.
Cost columns: Vendor Costs | Hardware Costs | Software Costs | Travel/Shipping Costs | Labor/Contractor Costs | Testing Costs | Supply Costs
Alternate site: Cold site; Warm site; Hot site; Mobile site; Mirrored site
Offsite storage: Commercial; Internal; SLAs
Equipment replacement: Storage
(Each cost cell: Add text here)
26. Essential Contingency Plan Strategies
This slide portrays contingency considerations and solutions. The considerations consist of technical requirements that support the contingency solution, and the contingency solutions are used to implement the contingency strategy.
Platform columns: Server | Website | Local area network | Wide area network | Mainframe systems | Distributed systems
Contingency considerations
› Contingency plan coordination with system security controls: ✔ ✔ ✔ ✔ ✔ ✔ (all platforms)
› Vendors coordination: ✔ ✔
› Systems, configurations & vendor information documentation: ✔ ✔ ✔ ✔ ✔ ✔ (all platforms)
Contingency solutions
› Single points of failure detection: ✔ ✔
› Redundancy implementation in critical components: ✔ ✔
› System backups: ✔ ✔ ✔ ✔ ✔
› Remote access and wireless technologies integration: ✔ ✔
27. Critical Business Functions Recovery Priorities
Whenever the firm hits serious security risks, it will need to retrieve the crucial information based on the priorities set in the IT department and the time taken to retrieve the information.
Department | Function | Priority | Maximum Allowable Downtime (1-2 Days | 3-5 days | 1-2 weeks | > 2 weeks)
Department 1 | Contracts | Critical | ✔
Department 2 | Add text here | Add text here | Add text here
28. Vital Records Maintenance Register
The IT department will keep track of crucial records and the location where they are kept. It will also provide information regarding the alternate backup location of the records and the other sources through which the records can be retrieved.
Description | Primary Location of Records | Alternate (Backup) Location of Records | Other Sources to Obtain Records
Settlement Agreements | Department File Cabinets | Vault | Scanned images on Network drive/Other Parties
Litigation Files | Department File Room | Scanned Images of pleadings on Network drive | Outside Counsel/Courts
29. Business Impact Assessment
The effect of critical business concerns and their impact on the firm's growth will be assessed. The amount at stake will be determined. Firm strengths and weaknesses will be evaluated, and the overall loss impact will be recorded.
Department or Function – XYZ Corp.
Executive – Dexter Hastings
Number of Employees – 453
BCP Representative – Stella Thetcher
Primary Business Function – Add text here
Issue – Network failure
What's at Stake: $34 MM
Strengths
› Ability to work from an alternate site if access to e-mail and systems is available through dial-up access
› Will need records and files as well
Weaknesses
› Unable to work remotely if access to records and files is restricted
Loss impact
› Department will not be able to perform >95% of its work without access to computers or work areas
30. Recovery Task List Maintenance
The recovery tasks are listed along with the time taken for recovery and the person responsible for the recovery.
Task | Estimated Time | Actual Time | Assigned To | Comments
Retrieval of department Vital Records | 1 day | 1.5 days | XYZ | Add text here
Identify recovery site | Add text here | Add text here | Add text here | Add text here
Retrieve Business Continuity Plans | Add text here | Add text here | Add text here | Add text here
31. Cybersecurity Maintenance Checklist
This slide provides information regarding the service maintenance checklist prepared for the client; the listed activities will be performed on a daily, weekly, monthly or quarterly basis.
Activities (frequency columns: Daily | Weekly | Monthly | Quarterly)
System Monitoring – Real time ✔
Backup monitoring ✔
Preventive Maintenance ✔ ✔
Virus Scanning ✔
Security Patches ✔ ✔
Disk Error Checking ✔
Executive Reporting ✔ ✔
Review and Planning Meeting ✔ ✔
32. Role of Personnel
› Determining Roles and Responsibilities for Risk Handling
› Role of Management in Effective Information Security Governance
33. Determining Roles & Responsibilities for Risk Handling
This slide provides information regarding the roles and responsibilities of management in handling cyber security risks. Key people involved in risk handling are the chief risk officer, the chief information security officer, senior management and executives, and line managers.
Chief Risk Officer
› Reports to executive management
› Development and implementation of risk management program
› Handles unacceptable risks and losses related to operations
Chief Information Security Officer
› Responsible for the firm's information security program by assigning an appropriate level of protection to the firm's information resources
Senior Management & Executive
› Documenting existing and new risks and their impact
Line Management
› Follow risk management practices
› Perform risk management activities
34. Role of Management in Effective Information Security Governance
This slide portrays information regarding the responsibilities to be performed by the board of directors, senior executives, steering committees and the chief information security officer in order to ensure effective information security governance.
Governance areas: Strategic Alignment | Risk Management | Measuring Performance | Value Delivery | Managing Resource | Integration
Board of Directors
› Demonstrate alignment process
› Assign risk management policies and regulatory compliance
› Assign security effectiveness reporting
› Assign security activity costs and protected information value
› Assign resource utilization and knowledge management policy
› Assign process integration policy
Senior Executives
› Develop processes to integrate business and security objectives
› Ensure that all roles and responsibilities include risk management activities
› Security activities monitoring and reporting
› Protected information value assessment
› Safeguarding processes for capturing knowledge
› Deliver overview of all process functions and integration plans
› Ensure business unit managers and process owners follow integration
Steering Committees
› Review security strategy
› Emerging risks and compliance issues identification
› Review whether security initiatives meet business objectives
› Security initiatives review; security resources effectiveness
› Process review
› Critical business processes identification
Chief Information Security Officer
› Prepare security strategy, security program initiatives
› Prepare risk mitigation strategies, business impact assessments
› Security activities monitoring
› Security resources effectiveness and utilization monitoring
› Effectiveness and efficiency metrics development
› Gaps identification & action plan
35. Cost Associated to Firm
› Budget for Effective Cybersecurity Management
› Staff Training Schedule with Cost
36. Budget for Effective Cybersecurity Management
The firm has prepared a budget for managing cybersecurity by optimizing various functional areas. It also provides information about the software used and the duration required for implementation.
Functional Area | Software | Implementation Duration | Cost of Implementation
Incident Management | XYZ Software | 2 months | $15,000
Risk Management | ABC Software | 3 months | $12,000
Client Onboarding Process | Add text here | Add text here | Add text here
Document Management | Add text here | Add text here | Add text here
Information Management | Add text here | Add text here | Add text here
Release Management | Add text here | Add text here | Add text here
37. Page No.
Staff Training Schedule with Cost
37
The employees will also require external training which will play important role in their development. The external training will be given by experts of various fields. This training will not be free, and
charges will cost the firm per employee.
Packages: Level 1 / Level 2

Advanced software training
Level 1
› Self assessment tools
› 3 hours class
› 3 online modules
› $150 per employee
Level 2
› 7 hour blended real time online class
› 3 in-person seminars
› $250 per employee

Advanced skills training
Level 1
› Self assessment tools
› 4 hours class
› 7 online modules
› One on One evaluation
› $150 per employee
Level 2
› 4 hour blended real time online class
› 3 coaching sessions
› $250 per employee

Training module 1
Level 1
› Self assessment tools
› 4 hours class
› 3 online modules
› Role playing
› $150 per employee
Level 2
› 3 hour blended real time online class
› 3 coaching sessions
› 3-hour role playing
› $250 per employee

Training module 2
Level 1
› Self assessment tools
› 4 30 min. podcasts
› 3 online modules
› Role playing
› $150 per employee
Level 2
› 5 hour blended real time online class
› 3 in-person seminars
› 3-hour role playing
› $250 per employee

Trainings will include:
› Fundamentals of information risk management
› Risk assessment including business impact assessment, threat, vulnerability
› Security policies in practice
› Supplier relationship management and information risk handling
› Add text here
› Add text here
38. Impact Analysis
› Effective Security Management
› Implementing Cybersecurity Framework
39. Impact Analysis – Effective Security Management
This slide shows how successfully the firm is handling security issues and events, and how it is reducing their occurrence quarter by quarter.
Focus Areas | Q1 | Q2 | Q3 | Q4
No. of systems where security requirement not met | 120 | 60 | 40 | 20
Unauthorized IP addresses, ports & traffic | 1520 | 1200 | 450 | 200
No. of access rights authorized, revoked, reset or changed | 120 | 102 | 82 | 42
No. of incidents damaging public image | 15 | 10 | 5 | 2
No. of malicious codes prevented | 251 | 221 | 182 | 120
No. of actual access violations | XX | XX | XX | XX
No. of security incidents | XX | XX | XX | XX
Add text here | XX | XX | XX | XX
Add text here | XX | XX | XX | XX
40. Impact Analysis – Implementing Cybersecurity Framework
This slide shows the impact of successfully implementing the cybersecurity framework across its core functional areas, and how the IT department is progressing on each of them.
CSF Metric | Start | Current | Target | Trend
Controls Met | 45% | 60% | 85% | Improving

[Chart: Performance of NIST Core Functions (Identify, Protect, Detect, Respond, Recover), 0% to 100%; legend: Met, Partially Met, Not Met]
This graph/chart is linked to excel, and changes automatically based on data. Just left click on it and select “Edit Data”.
41. Dashboard
› Incidents Tracking
› Cyber Risk Management
42. Dashboard – Incident Tracking
This slide shows the dashboard on which the firm will track the various incidents it detects. These incidents will be managed in order to reduce cybersecurity risk.
Dashboard panels (Top 4 per group): Application Whitelisting, Patch Applications, Patch Operating Systems, Restrict Admin Privileges, Disable untrusted Microsoft Office Macros, User Application Hardening, Multi-Factor Authentication, Daily backup of important data.

Each panel shows Alerts by severity over the last 1Hr and 24Hr, plus Incidents Open/Closed. Panel values as extracted (1Hr / 24Hr):
Panel 1 – High 0 / 6, Medium 0 / 0, Low 0 / 1; Incidents Open - 0, Closed - 0
Panel 2 – High 0 / 0, Medium 0 / 0, Low 0 / 0; Incidents Open - 0, Closed - 0
Panel 3 – High 0 / 0, Medium 0 / 4, Low 0 / 1; Incidents Open - 0, Closed - 0
Panel 4 – High 0 / 3, Medium 0 / 0, Low 0 / 0; Incidents Open - 0, Closed - 0
Panel 5 – High 0 / 0, Medium 0 / 0, Low 0 / 0; Incidents Open - 0, Closed - 0
Panel 6 – High 0 / 0, Medium 0 / 0, Low 0 / 0; Incidents Open - 0, Closed - 0
Panel 7 – High 0 / 0, Medium 0 / 0, Low 0 / 0; Incidents Open - 0, Closed - 0
Panel 8 – High 0 / 0, Medium 0 / 0, Low 0 / 0; Incidents Open - 0, Closed - 0
43. Dashboard – Cyber Risk Management
This slide shows the dashboard the firm will use to manage cyber risks. The dashboard gives technical engineers and board-level executives a clear picture of the prevailing risks and how they are being treated.
# of Risks >= Threshold: 391 (Average Risk Threshold – 12.3)
Risk Analysis Progress: 87.5%
Response progress for Risks >= Threshold: 56.2%
% Risks >= Threshold: 37.5%

Risk Rating Breakdown: Critical Risk 2%, High Risk 13%, Medium Risk 40%, Low Risk 45%
Action Plan Breakdown: Implemented 32.9%, Planned 7.6%, Deferred 1.9%, TBD 57.6%

Risk Heat Map – Total # of Risk Ratings (impact vs. likelihood)
Impact | Rare | Unlikely | Moderate | Likely | Almost Certain
Severe | 40 | 50 | 40 | 2 | 3
Major | 60 | 40 | 50 | 50 | 3
Moderate | 50 | 108 | 150 | 160 | 104
Minor | 140 | 207 | 101 | 90 | 80
Insignificant | 200 | 404 | 106 | 102 | 20

# Risks >= Threshold: Top 5 Vulnerabilities (axis 0–80)
Overly trusting employees: 25
Physical Security: 67
Dormant Accounts: 33
Excessive user permissions: 44
Encryption vulnerabilities: 28

# Risks >= Threshold: Top 5 Entities (axis 0–70)
Internal Medicine -…: 16
Regional Medical Center: 16
Asheville Vascular Care: 18
Internal Medicine East: 19
General Hospital: 66
44. Icons Slide for How to Present Cyber Security to Senior Management
46. Cyber Security Governance
This slide shows how the firm will assess different alternate sites on parameters such as implementation cost, hardware and telecommunication connection requirements, setup time, and location.
Senior Management
Steering Committee and
Executive Management
CISO/
Steering Committee
Business Strategy
Risk Management/Information Security Strategy
Security Action Plan, Policies, Standards
Organisation objectives
Security Requirements
Security Programmes
Implementation
Security Objectives
Monitor/Metrics
Reporting Trend Analysis
47. 30 60 90 Days Plan
30 DAYS – Text Here
60 DAYS – Text Here
90 DAYS – Text Here
48. Financial
Revenue: $245
Deposits: $432
Net Income: $352
49. Bar Chart
[Bar chart: Product 01, Product 02, Product 03 for 2018, 2019, 2020; axis In Dollars, $0 to $100; linked to Excel, edit via "Edit Data"]
50. Dashboard
[Gauge charts: Minimum, Medium, Maximum; values shown 30%, 50%, 70%; linked to Excel, edit via "Edit Data"]
51. Our Team
This slide shows the amount spent by the firm in settling cases of cybersecurity failures, which are not only financial losses but also damage the firm's public image.
Krystal Jung – designer
Theo James – designer
Adam Levine – designer
Sandara Than – designer
52. Our Mission
Vision
Mission
Goal
53. Weekly Timeline with Task Name
Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Sunday
(Task name placeholders: "Text Here" in each day's column)
54. Roadmap For Process Flow
01
02
03
04
05
06