Our Cyber Security Governance Systems review is a comprehensive independent review of cyber security from a governance and Board perspective, including the organisation’s cyber security framework, policies and processes, Board compliance responsibilities and strategic cyber security issues that directly affect the governance of your organisation.
This review not only provides a detailed report on all relevant aspects of cyber security governance systems and relevant operational activities (eg insurances, processes etc), but also provides recommendations for improvement.
This Cyber Security Governance Systems review provides insights into cyber security and its relevance and impact on the Board and senior executives, and practical strategies and tools to improve the process, the decision making, and the obligations of the Board and senior executives in relation to cyber security.
In addition, this process provides practical recommendations for action, and support to the Board and senior staff in achieving the necessary changes. This is an incredibly powerful process.
The process would include the following:
- Review of governance documentation related to cyber security. This would include at least the following: last 2 Board minutes and agendas, strategic management system and plan; risks, issues and opportunities register, any existing cyber security documentation, the Governance policy documentation, Board induction program, Board and senior executive performance reviews, public reporting such as annual reports, financial reports, any relevant insurance policies and other relevant material as agreed. (2 days)
- On-site audit of cyber security governance and tactical plans, policies and processes against the Critical Areas of Cyber security. Each of these Critical Areas will be investigated, analysed for document and process existence and quality, and rated, with recommendations made and priorities for action determined. This is conducted in conjunction with the CEO and senior executives, and provides a strategic process for exploring key cyber security issues at the senior executive level. Each area in need of rectification or improvement is either addressed on the spot (eg gathering management input into the Cyber security Strategy, sample policies provided, sample Tactical plans, recommendations made, procedures developed, charters drafted etc), or tools are provided to allow the staff or committees to efficiently address the issues identified. This desk audit provides evidence to assist in the recommendations to Board members regarding the cyber security governance functions of the organisation. (2 days)
- Board evaluation via face-to-face interviews of 1.5 hrs each of the Chair of Board and Chair of Finance/Risk subcommittee, to investigate their understanding of cyber security governance areas, strategic decision making around cyber security and their recommendations for improvement. These individual face-to-face interviews have been described by Directors who have been part of the process as a very powerful means of exploring cyber security governance practices and concepts, and invariably lead to increased understanding and awareness of the true roles of Directors in creating a cyber aware organisation. There is the possibility of conducting some interviews by Skype or similar means if it is impractical for Directors to attend. (1 day)
- Cyber security strategy course for Directors and Officers/Managers that will lead to the Board creating and adopting the Cyber security Strategy, which forms the basis of the Cyber security framework (0.5 days)
- Preparation and presentation to the Board on audit and Board evaluation findings, with recommendations, timelines, and Best Practice processes demonstrated. An action plan will be developed for the Board regarding implementation of agreed areas. This action plan will provide key recommendations and proposed timelines for implementation once approved. (2.5 days)
Delivered in Conjunction With Advisory Boards Group (ABG).
ABG is a global consulting group that offers Consulting, Education and Advisory Boards to a wide variety of clients and industries. ABG utilizes the experience of its advisors, partners and consultants to provide world best practice and tailored advice in Cyber Security solution, Strategy innovation, Business growth and Change & Project management.
Steven Bowman, managing director of Conscious Governance, sat down with cybersecurity expert, Monica Schlesinger, at a recent conference to talk about cybersecurity from a director's perspective. The conversation is frank and tries to make sense of the evolving digital landscape for organizations and the associated risks Directors must now govern. (Please excuse the background noise in this audio clip.)