Cyber Governance and Resilience

“In our digital age, the issues of cybersecurity are no longer just for the technology crowd; they matter to us all.”

- Eric Schmidt, former Chairman of Alphabet, Google's parent company.

  1. Overview

Today, cyber security sits at the very heart of every business. In business we have to seize opportunities and manage risks with wisdom. Understanding potential threats and their context, being ready to counter and manage them, and creating a sustainable cybersecurity environment is the order of the day for businesses across the globe.

In today’s world it would be hard to argue that cyber security should not be part of any organization’s enterprise risk management function, and thus, by inference, part of any director’s duty of oversight. In the corporate world, there is still much uncertainty about “what” to do and “how” to do it in order to mitigate the risks arising from cyber threats. Typically, larger, international companies take somewhat more initiative, although medium-sized and family-owned businesses are subject to the same threats and exposures.

Even in larger companies, information security initiatives are often not properly sponsored by the highest level of the company. It is essential that business leaders take control of allocating resources to deal with cyber security, actively manage governance and decision making over cyber security, and build an informed and knowledgeable organizational culture.

  2. Approach

At Seven Step Consulting we strongly believe that sooner or later any cyber defense will be breached. It is now commonly accepted that it is no longer a matter of “if” but “when” an organisation will suffer a cyber-attack. Effectively managing cyber risk means putting in place the right governance and the right supporting processes, along with the right enabling technology. This helps an organisation protect itself against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack.

Hence organisations need to develop an effective Cyber governance programme, i.e., the preparation for, making of, and implementation of decisions regarding goals, processes, people and technology related to cyber activities at the tactical and strategic levels. To do this in a holistic fashion we will interact with multiple stakeholders in your organization, namely:

  • Top Management (e.g., CEO /Board of Directors)
  • IT Policy and Governance (e.g., Chief Information Security Officer)
  • Business Operations (e.g., Operations Manager)
  • IT Security Planning and Management (e.g., Director of Information Technology)
  • Business Continuity and Disaster Recovery Planning (e.g., BC/DR Manager)
  • IT Infrastructure (e.g., Network/System Administrator)
  • Risk Management (e.g., Enterprise/Operations Risk Manager)
  • IT Operations (e.g., Configuration/Change Managers)
  • Procurement and Vendor Management (e.g., Contracts and Legal Support Managers)

Our Cyber governance programme shall set the direction and the boundaries for the cyber approach of the organization. An important principle of the cyber framework is that, given the complexity of the cyber environment, it is acceptable to adopt an approach that does not aim to be free from incidents, but rather to be free from incidents that impact the core mission of the organisation.

Our Cyber resilience programme shall ensure the ability of your organisation to withstand a (major) disruption (through prevention, repression and mitigation) and to recover within an acceptable time and at an acceptable overall cost and risk. It will enhance your ability to prepare for, respond to and recover from cyber-attacks.

  3. Benefits

A cyber-resilient posture helps you to:

  • Establish clear reporting and communication channels;
  • Implement preventive, detective, and reactive controls and drive enhancements to the overall security posture;
  • Reduce financial losses;
  • Meet legal and regulatory requirements;
  • Improve your culture and internal processes; and
  • Protect your brand and reputation.

  4. Deliverables

Our Cyber Governance & Resilience Programme helps you identify areas in which the board should act to improve its cyber risk management.

We will perform an assessment of the current Policies and Standards, Organisational Structure and Reporting Framework relating to cyber security, based on leading practice standards and frameworks, and provide a report highlighting the areas of concern together with recommendations for closing the gaps. We shall capture your organization’s unique characteristics and its current and target state capability maturity, and use our extensive experience and library of good practice attributes to work towards your cyber strategy. Once priorities have been set, we will help you define and develop your cyber security policies and standards, organizational structure and reporting metrics.

Some of the key outputs are:

  1. Understanding of Cyber Assets and Risks
  2. In-force Policies, Procedures and Guidelines
  3. Executive Commitment
  4. Stakeholder participation
  5. An articulated Cyber Strategy that sets the Strategic direction
  6. Cyber Governance to ensure Management oversight
  7. Risk management
  8. Defined and Empowered Roles and Responsibilities
  9. Audit and evaluation
  10. Clear Reporting and Communication Channels
