Value-Add of a Cybersecurity Program
By Gideon T. Rasmussen, CISSP, CRISC, CISA, CISM, CIPP

This slide addresses the value-add of a mature cybersecurity program. Please reference the supporting narrative below.

Scroll to the right to view the whole image.

The cybersecurity program manages execution of preventive, detective and corrective controls. We provide metrics, KPIs, KRIs and a risk register. That results in risk mitigation and transparency of residual risk.

We lead change through our people. We establish program architecture and conduct process design. We structure change through annual goals and a multi-generational plan. We anticipate changes in the threat landscape and influence risk mitigation. Our program aligns to the risk tolerance of the organization.

Cybersecurity leadership provides new capabilities, which increases effectiveness and efficiency of the program. The program enables business operations and achievement of new goals, supporting revenue growth in the process.

For some this may be aspirational, which is OK. “Plan the work, work the plan”. Here if you need me.

Click here to download the slide image (full-sized)

You may also be interested in: 'Program Maturity – Cybersecurity and Operational Risk Management'

Click here for more professional development tips