Value-Add of a Cybersecurity Program
By Gideon T. Rasmussen, CISSP, CRISC, CISA, CISM, CIPP
This slide addresses the value-add of a mature cybersecurity program. Please refer to the supporting
narrative below.
The cybersecurity program manages execution of preventive, detective and corrective controls.
We provide metrics, KPIs, KRIs and a risk register. That results in risk mitigation and transparency of
residual risk.
We lead change through our people. We establish program architecture and conduct process
design. We structure change through annual goals and a multi-generational plan. We anticipate
changes in the threat landscape and influence risk mitigation. Our program aligns to the risk
tolerance of the organization.
Cybersecurity leadership provides new capabilities, which increases effectiveness and
efficiency of the program. The program enables business operations and achievement
of new goals, supporting revenue growth in the process.
For some, this may be aspirational, which is OK. “Plan the work, work the plan.” Here if you
need me.