"You can download this product from SlideTeam.net"
Presenting How To Handle Cybersecurity Risk Powerpoint Presentation Slides. This complete PPT deck is composed of 55 visually-stunning templates. Build a presentation faster using our 100% customizable PowerPoint slideshow. Edit text, font, colors, orientation, shapes, background, and patterns however you choose. Change the file format into PDF, PNG, or JPG as and when convenient. This presentation works well with standard and widescreen resolutions. Use Google Slides for a quick view. https://bit.ly/3woGCUj
2. This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
Agenda for Cyber Security Risks
2
» Determining roles and responsibilities of senior management and executives who are responsible in risk
management
» Presenting optimize cybersecurity risk framework to senior management and executives
» Add text here
» Add text here
» Add text here
3. Table of Contents
3
01 Analyzing Current Scenario
» Present Concerns Impeding Cybersecurity
» Amount Spent on Cyber Fraud
Settlements
» Determining Firm Current Capabilities
» Analyzing IT Department on NIST
Cybersecurity Framework
02 Initiating Cyber Risk Management Program
» How Firm will Handle Cybersecurity Risks?
› Optimizing Cybersecurity Framework Roadmap
› Categorization of Cyber Risks
› Risk Assessment Matrix
› Cybersecurity Risk Management Worksheet
› Cybersecurity Risk Management Action Plan
04 Cybersecurity Contingency Plan
» Business Impact Analysis
» Backup Maintenance
› Selecting Offsite Storage Facility Vendor
› Developing Alternate Sites
› Assessing Different Alternate Sites
› Recovery Budget Planning
» Essential Contingency Plan Strategies
» Critical Business Functions Recovery Priorities
» Vital Records Maintenance Register
» Business Impact Assessment
» Recovery Task List Maintenance
» Cybersecurity Maintenance Checklist
06 Cost Associated to Firm
» Budget for Effective
Cybersecurity Management
» Staff Training Schedule with Cost
07 Impact Analysis
» Effective Security Management
» Implementing Cybersecurity
Framework
03 Incident Management
» Incident Reporting by Different Cyber
Departments
» Timeframe for Incident Management
» Selecting Security Incident
Management Software
08 Dashboard
» Incidents Tracking
» Cyber Risk Management
05 Role of Personnel
» Determining Roles and
Responsibilities for Risk Handling
» Role of Management in Effective
Information Security Governance
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
4. 01
Table Of Contents
4
Analyzing Current Scenario
» Present Concerns Impeding Cybersecurity
» Amount Spent on Cyber Fraud Settlements
» Determining Firm Current Capabilities
» Analyzing IT Department on NIST Cybersecurity Framework
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
5. 250
375
425
198 225
297
FY 2018 FY 2019 FY 2020
Data Breach Records Exposed (in Millions)
Data Breaches and Records Exposed
350 375
485
525
257
325
487
542
Q1 Q2 Q3 Q4
Financial Losses ('000$) Cybercrimes Incidents
Reported Financial Losses due to Increase In Cybercrimes
Present Concerns Impeding Cybersecurity
5
» Firm is observing rise in data breach incidents
» Risk of records of millions get exposed containing
confidential and sensitive information has also been
increased with breach incidents
» No on time breach notification leads to breach incidents
» Add text here
Key Takeaways
Key Takeaways
» There is increase in number of cybercrime incidents and
financial losses from Q1 to Q4
» Cybercrimes incidents consists of IP or sensitive data theft
» Add text here
This slide portrays information regarding the concerns that are currently existing in the organizations. It is essential for top level management to keep check on existing concerns as they have severe
impact on firm’s growth in terms of huge financial losses and bad public image.
This graph/chart is linked to excel, and changes automatically based on data. Just left click on it and select “Edit Data”.
6. Amount spent on Cyber
Fraud Settlements
6
This slide portrays information regarding the amount that is spend by firm in settling cases of cybersecurity failures which
not only consider as financial losses but hampered firm’s public image.
2017 2018 2019 2020 Total
Settlements 5 15 17 20 57
Amount $750,000 $2,520,000 $18,540,000 $27,500,000 $49,310,000
Average (per
settlement)
$150,000 $168,000 $1,090,588 $1,375,000 $2,783,588
FOCUS
AREAS
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
7. Determining firm current Capabilities
7
Description Key Enablers
Minimum
Standard
Evolving
Strength
Best in Class
Identify
Assessing cybersecurity risk & their impact on
firm and employees
Asset Management
Governance
Add text here
Protect
Safeguarding critical infrastructure service
delivery
Data Security
Access Control
Add text here
Detect Event occurrence identification
Threat Intelligence
Continuous Monitoring
Add text here
Response
Appropriate action to detected cybersecurity
event
Communication
Response Planning
Add text here
Recovery
Recovering capabilities impaired by
cybersecurity event
Incident Recovery
Add text here
Add text here
This slide portrays information regarding assessment of current cybersecurity framework on certain standards.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
8. Analyzing IT Department on NIST Cybersecurity Framework
*NIST – National Institute of Standard and Technology
» Identify – Asset management, governance
» Protect – Data security
The current cybersecurity framework will be judged on certain parameters mentioned below
› Detect – Threat intelligence
› Protect – Incident response planning
› Recover – Incident recovery
Note –
0% 20% 40% 60% 80% 100%
Recover
Respond
Detect
Protect
Identify
Performance
NIST
Core
Functions
Met Partially Met Not Met
This slide is 100% editable. Adapt it to your needs and capture your audience's attention. 8
This slide portrays information regarding how firm will analyze its current cybersecurity framework. It will assess the framework on certain crucial parameters.
9. 02
Table Of Contents
9
Initiating Cyber Risk Management Program
» How Firm will Handle Cybersecurity Risks?
› Optimizing Cybersecurity Framework Roadmap
› Categorization of Cyber Risks
› Risk Assessment Matrix
› Cybersecurity Risk Management Worksheet
› Cybersecurity Risk Management Action Plan
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
10. Optimizing Cybersecurity Framework Roadmap
10
Implement
enterprise
security program
Implement
control
environment
Immediate (0-6
Months)
Incident response plan
Add text here
Add text here
Network upgradation
Logging & monitoring
Add text here
Handling threats
Add text here
Add text here
Short Term (3-12
Months)
Testing of incident response
plan
Add text here
Add text here
Record management
Add text here
Add text here
Patch management
Add text here
Add text here
Long Term (12->
Months)
Risk management
Add text here
Add text here
Platform upgradation
Network upgradation
Add text here
Security assessment &
maintenance
Add text here
Add text here
Implement
security
processes
» Governance strategy planning
» Skills development planning and training
» Add text here
This slide portrays information regarding optimization of current cybersecurity framework. The IT department will require to fulfill crucial activities in specific timeframe.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
11. Categorization of Cyber Risks
11
This slide provides information reading the various cyber risks that firm might face. These risks are categorized into different categories such as low, medium, high, severe and extreme. This
categorization is based on certain parameters such as financial impact, damage extent.
03
Severe Risk
» Significant impact on firm’s
reputation
» Hinderance in mission critical
systems and business
operations
» Moderate impact on firm’s
stock price
» Add text here
04
Extreme Risk
» Huge damage to firm’s
reputation
» Negative impact on firm’s
long-term competitive
positioning
» Potential physical harm or
fatality
» Significant impact on firm’s
stock price
» Add text here
05
High Risk
» Impact on firm’s reputation
» Hinderance in business
essential systems and
operations
» Regulatory, contractual or
statutory requirement
violations
» Negative impact on firm’s stock
price
» Add text here
02
Medium Risk
» Financial impact between - $5K
- $50K
» No damage to business image
and business operations
» Hinderance in business
supporting and business core
functions
» Violation of contractual
requirement violations
» Add text here
01
Low Risk
» Negligible financial impact
» No damage to business
image and business
operations
» No regulatory, contractual or
statutory requirement
violations
» Add text here
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
12. Risk Assessment Matrix
12
Risk 4 Risk 1
Risk 3
Risk 2
Severity
Insignificant
(<$100,000)
Minor
($100,000 -
$500,000)
Significant
($100,000 - $1MM)
Serious
($1MM - $10MM)
Catastrophic
($10MM - $10 MM)
Likelihood
Extremely Unlikely
(1/30 years)
Unlikely
(1/year)
50/50 chance
Likely
(3/year)
Very Likely
(30/year)
Risk 4 Risk 1
Risk 3
Risk 2
The risk assessment matrix is an effective tool that helps in evaluating cyber risk by considering the probability of risk to happen against the severity linked with potential risk available.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
13. Identified Risk Risk Likelihood Risk Severity Implement Controls Risk Treatment Responsible Person
Security Breach Unlikely Serious
Cyber security
contingency plan
Transfer Add text here
Task errors Likely Serious Add text here Accept Add text here
Add text here Add text here Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here Add text here Add text here
Add text here
Add text here Add text here Add text here Add text here Add text here
01
02
03
04
05
Cybersecurity Risks Management Worksheet
13
Risk Priority (1-5)
The risk assessment matrix is an effective tool that helps in evaluating cyber risk by considering the probability of risk to happen against the severity linked with potential risk available.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
14. Potential
Risk
Risk Level
Reason for
Risk Rating
Action
Required
Resources
Responsible
Person
Duration
Communica
tion
Risk
Treated
Review
Date
Security Breach High
Confidential
information
security at risk
Cyber security
contingency plan
– root cause
analysis and
protective
measures
Data backup
team and plan
Emergency
mode operation
plan
Cyber Security
Officer
Board – to
endorse and
approve
15 days (due for
completion in 4
Nov. 2020)
Cyber incident
recovery
coordination
through meetings
No 4 Nov 2020
Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Cybersecurity Risks Management Action Plan (1/2)
14
The risk management action plan will help in keeping the track of potential risks that are existing and what are their level, what are the resources required to handle them. The person responsible in
handling the risk will keep track of the risk resolve duration and will check whether the risk is treated or not.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
15. Event Action
Failure in collecting receivables in
timely manner
Reduce
Failure to meet compliance
obligations
Avoid
Add text here Add text here
Add text here Add text here
Add text here Add text here
Add text here Add text here
Implement receivables
tracking and follow up
process
Office Manager 21 Nov 2020
Develop and implement
compliance monitoring
process
Add text here 12 Dec 2020
Add text here Add text here Add text here
Add text here Add text here Add text here
Add text here Add text here Add text here
Add text here Add text here Add text here
Event Action Plan Risk Owner Resolve Date
Cybersecurity Risks Management Action Plan (2/2)
15
Risk Treatment
The risk management action plan will help in keeping the track of potential risks that are existing and what are their level, what are the resources required to handle them. The person responsible in
handling the risk will keep track of the risk resolve duration and will check whether the risk is treated or not.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
Risk Identification
16. 03
Table Of Contents
16
Incident Management
» Incident Reporting by Different Cyber Departments
» Timeframe for Incident Management
» Selecting Security Incident Management Software
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
17. Description Department A Department B Department C Department D
Number of
incidents
2 3 4 6
Person involved in
the incident
1 2 1 3
Average Cost per
Incident
$20000 $150000 $150000 $700000
Add text here XXXX XXXX XXXX XXXX
Add text here XXXX XXXX XXXX XXXX
Add text here XXXX XXXX XXXX XXXX
Incident Reporting by Different Cyber Departments
17
This slide will help in providing an overview of the various reported incidents, average cost per incident and number of people involved in the various incidents across different cyber departments.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
18. Timeframe for Incident Management
Incident logging
Through – emails, phone calls, SMS,
live chat messages
30 mins
Ticket creation
› Incident
› Service request
15 mins
Incident categorization
o High
o Medium
o Low
45 mins
Incident prioritization
o Critical
o High
o Medium
o Low
1 hour
Incident resolution Add text here 6 – 12 hours
Incident closure Add text here 2 hour
Phase Description Working Hours
This slide is 100% editable. Adapt it to your needs and capture your audience's attention. 18
This slide provides information regarding entire duration of incident handling process which occur in various phases.
19. Features
Software
Security Incident
Forms
Automated
workflows
Centralized
platform
Access Rights API integration
Information
security
prevention
Cost
Description
Customized form
for relevant
information
regarding issues
such as phishing
or attack
Notify customers
or employees
during breach
Compilation of
relevant
information to
handle future
incidents
Customize
ownership to
handle sensitive
information
Issues prioritizing
and tracking by
merging security
scans results
Aligning business
continuity plan to
industry standards
Software 1 $11,000
Software 2 $12,500
Software 3 $15,000
Software 4 $18,000
Software 5 $19,500
Selecting Security Incident Management Software
19
This slide will help firm in choosing the suitable automated incident management software which is to handle existing security and privacy issues and predict upcoming incidents. The firm will choose
effective software with features such as automated workflows, centralized platform, etc.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
20. 04
Table Of Contents
20
Cybersecurity Contingency Plan
» Business Impact Analysis
» Backup Maintenance
› Selecting Offsite Storage Facility Vendor
› Developing Alternate Sites
› Assessing Different Alternate Sites
› Recovery Budget Planning
» Essential Contingency Plan Strategies
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
» Critical Business Functions Recovery Priorities
» Vital Records Maintenance Register
» Business Impact Assessment
» Recovery Task List Maintenance
» Cybersecurity Maintenance Checklist
21. Business Processes Vital Resources
Payroll process LAN servers
Attendance & time reporting Email servers
Add text here WAN access
Add text here Mainframe access
Add text here Add text here
Add text here Add text here
Vital Resources Max. allowable outage time Impact
LAN servers 9 Hr
› Delay in payroll process
› Not able to perform
regular payroll
operations
Database servers 6 Hr
› No access to inventory
system
WAN access XX Hr › Add text here
Mainframe access XX Hr › Add text here
Step 1 - Determining vital IT resources Step 2 - Determining issues impacts and acceptable outage time
Vital Resources Recovery priorities
LAN servers High
Email servers Low
WAN access Medium
Mainframe access High
Add text here Add text here
Add text here Add text here
This slide portrays information about IT systems functions and required resources to perform them. It will also determine maximum allowable outage time and recovery priorities.
Cybersecurity Contingency Plan – Business Impact Analysis
21
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
Step 3 – Assign recovery priorities
22. Backup Maintenance – Selecting Offsite Storage Facility Vendor
22
This slide portrays information about how firm will maintain its backup. It will select appropriate vendor facility by assessing them various vendors on parameters such as geographic location,
accessibility, security, environment and cost.
Geographic location
» Distance from organization
» Add text here
» Add text here
Accessibility
» Time required for data retrieval
from storage facilities
» Add text here
» Add text here
Security
» Employee's confidentiality
» Security capabilities meeting data
sensitivity & security requirements
» Add text here
Environment
» Structural conditions of storage's facility
such as temperature, humidity, power
management controls
» Add text here
Cost
» Operational fees
» Disaster recovery services
» Add text here
02
03
05
01
04
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
23. Backup Maintenance - Developing Alternate Sites
23
The contingency plan consists of building an alternate site in order to perform system operations. The firm can build their own alternate site or can acquire site on commercial lease.
01 02 03 04 01
Cold Sites
» Facility with adequate
infrastructure and space for
IT system support
» Infrastructure facility –
electricity, wired
connections
» No IT equipment available
» Add text here
Hot Sites
» Office spaces with
necessary hardware,
supporting infrastructure
and staff
» Staff at hot site are
available 24x7
» Add text here
Warm Sites
» Partial equipped office
space with some hardware,
software, wired
connections equipment
» Normal operational facility
for another system during
contingency plan activation
event
» Add text here
Mobile Site
» Customized, transportable
shells with essential IT and
wired connections
equipment
» Add text here
Mirrored Site
» Facilities with real
tie information
mirroring with all
technical aspects
» Identical to
primary site
» Sites are organized,
designed, built,
and operated by
organization
» Add text here
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
24. Site Implementation cost
Hardware equipment
requirement
Telecommunication
connection
requirement
Time to setup Location
Cold Sites Low None None Long Fixed
Warm Sites Medium Partial Partial/ Full Medium Fixed
Hot Sites Medium/ high Full Full Short Fixed
Mobile Site High Dependent Dependent Dependent Not Fixed
Mirrored Site High Full Full None Fixed
This slide portrays information about how firm will assess different alternate sites on certain parameters such as implementation cost, hardware and telecommunication connection requirement, setup
time, location.
Backup Maintenance – Assessing Different Alternate Sites
24
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
25. Backup Maintenance – Recovery Budget Planning
25
The firm requires enough financial resources for effective contingency
plan implementation. The top-level executives need to allot budget to
handle costs associated to vendors, hardware, software, shipping, testing
and supply.
Vendor Costs Hardware Costs Software Costs
Travel/ Shipping
Costs
Labor/ Contractor
Costs
Testing Costs Supply Costs
Alternate site
Cold site Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Warm site Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Hot site Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Mobile site Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Mirrored site Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Offsite storage
Commercial Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Internal Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Equipment
replacement
SLAs Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Storage Add text here Add text here Add text here Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here Add text here Add text here Add text here Add text here
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
26. Essential Contingency Plan Strategies
26
Server Website
Local area
network
Wide area
network
Mainframe
systems
Distributes
systems
Contingency plan coordination with
system security controls
✔ ✔ ✔ ✔ ✔ ✔
Vendors coordination ✔ ✔
Systems, configurations & vendor
information documentation
✔ ✔ ✔ ✔ ✔ ✔
Add text here ✔ ✔
Add text here ✔ ✔ ✔
Single points of failures detection ✔ ✔
Redundancy implementation in critical
components
✔ ✔
System backups ✔ ✔ ✔ ✔ ✔
Remote access and wireless
technologies integration
✔ ✔
Add text here ✔ ✔
Add text here ✔ ✔ ✔
Contingency
considerations
Contingency
solutions
This slide portrays information contingency considerations and solutions. The considerations consists of technical requirements that assist contingency solution and contingency solution are used to
implement contingency strategy.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
27. Critical Business Functions Recovery Priorities
27
Department Priorities Maximum Allowable Downtime
Department 1 1-2 Days 3-5 days 1-2 weeks > 2 weeks
Contracts Critical
Add text here Add text here
Add text here Add text here
Department 2
Add text here Add text here
Add text here Add text here
Whenever the firm hits serious security risks, it will need to retrieve the crucial information based on priorities in IT department and time taken to retrieve the information.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
28. Description Primary Location of Records
Alternate (Backup) Location of
Records
Other Sources to Obtain Records
Settlement Agreements Department File Cabinets Vault
Scanned images on Network
drive/Other Parties
Litigation Files Department File Room
Scanned Images of pleadings on
Network drive
Outside Counsel/Courts
Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here
Add text here Add text here Add text here Add text here
Vital Records Maintenance Register
28
The IT department will keep track of crucial information and the location where these records are kept, it will also provide information regarding alternate backup location of the records and the other
sources through which records can be retrieved.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
29. Strengths
» Ability to work from alternate site if
access to e-mail and system is available
through dial-up access
» Will need records and files as well
» Add text here
Weaknesses
» Unable to work remotely if
access to records and files is
restricted
Loss Impact
» Department not be able to perform
>95% of its work without access to
computers or work areas
» Add text here
» Add text here
Issue –
Network
failure
Department or Function – XYZ Corp.
Executive – Dexter Hastings
Number of Employees – 453
BCP Representative – Stella Thatcher
Primary Business Function – Add text here
Business Impact Assessment
29
The effect of critical business concern and their impact on the firm’s growth will be assessed. How much amount is at stake will be determined. Firm
strength, weaknesses will be evaluated, and overall loss impact will be mentioned.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
What's at Stake: $ 34 MM
30. Recovery Task List Maintenance
30
Task No. Task Description Estimated Time Actual Time Assigned To Comments
1 Retrieval of department Vital Records 1 day 1.5 day XYZ
2 Identify recovery site
3 Retrieve Business Continuity Plans
4 Retrieval of department Vital Records
5 Add text here
6 Add text here
7 Add text here
The tasks which can be recovered are mentioned with the
time taken for the recovery and the person responsible
for the recovery is mentioned.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
31. Activities
Daily Weekly Monthly Quarterly
System Monitoring – Real time
Backup monitoring
Preventive Maintenance
Virus Scanning
Security Patches
Disk Error Checking
Executive Reporting
Review and Planning Meeting
Cybersecurity Maintenance Checklist
31
This slide provides information regarding service maintenance checklist that is prepared for the client and the activities mentioned will be performed on daily, weekly, monthly or quarterly basis.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
32. 05
Table Of Contents
32
Role of Personnel
» Determining Roles and Responsibilities for Risk Handling
» Role of Management in Effective Information Security Governance
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
33. Determining Roles & Responsibilities for Risk Handling
33
Chief Risk
Officer
Chief
Information
Security Officer
Senior
Management &
Executive
Line
Management
» Reports to executive management
» Development and implementation of risk management program
» Handles unacceptable risks and losses related to operations
» Add text here
» Responsible for firm’s information security program by assigning appropriate
level of protection to firm’s information resources
» Add text here
» Add text here
» Documenting existing and new risks and their impact
» Add text here
» Add text here
» Add text here
» Follow risk management practices
» Perform risk management activities
» Add text here
» Add text here
The employees will also require external training which will play important role in their development. The external training will be given by experts of various fields. This training will not be free, and
charges will cost the firm per employee.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
34. Strategic
Alignment
Risk Management
Measuring
Performance
Value Delivery
Managing
Resource
Integration
Demonstrate
alignment process
Assign risk
management policies
and regulatory
compliance
Assign security
effectiveness
reporting
Assign security
activity costs and
protected
information value
Assign resource
utilization and
knowledge
management policy
Assign process
integration policy
Develop processes to
integrate business
and security
objectives
Safeguard all roles
and responsibilities
comprise of risk
management
activities
Security activities
monitoring and
reporting
Protected
information value
assessment
Safeguarding
processes for
capturing knowledge
Deliver overview of
all process functions
and integration plans
Ensure business unit
managers and
process owners
follow integration
Review security
strategy
Emerging risks and
compliance issues
identification
Review whether
security initiatives
meet business
objectives
Security initiatives
review security
resources
effectiveness
Process review
Critical business
processes
identification
Prepare security
strategy, security
program initiatives
Prepare risk
mitigation strategies,
business impact
assessments
Security activities
monitoring
Security resources
effectiveness and
utilization
monitoring
Effectiveness and
efficiency metrics
development
Gaps identification &
action plan
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
Role of Management in Effective Information Security Governance
34
Chief Information
Security Officer
Board of
Directors
Senior
Executives
Steering
Committees
Management
Level
This slide portrays information regarding the responsibilities that are to be performed by board of directors, senior executives, steering committees and chief information security office in order to
ensure the effective information security governance.
35. 06
Table Of Contents
35
Cost Associated to Firm
» Budget for Effective Cybersecurity Management
» Staff Training Schedule with Cost
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
36. Functional Area Software Implement Duration Cost of Implementation
Incident Management XYZ Software 2 months $15,000
Risk Management ABC Software 3 months $12,000
Client Onboarding Process Add text here Add text here Add text here
Document Management Add text here Add text here Add text here
Information Management Add text here Add text here Add text here
Release Management Add text here Add text here Add text here
Budget for Effective Cybersecurity Management
36
The employees will also require external training which will play important role in their development. The external training will be given by experts of various fields. This training will not be free, and
charges will cost the firm per employee.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
37. Staff Training Schedule with Cost
37
Trainings will include –
» Fundamentals of information risk management
» Risk assessment including business impact assessment, threat,
vulnerability
» Security policies in practice
» Supplier relationship management and information risk handling
» Add text here
» Add text here
The employees will also require external training which will play important role in their development. The external training will be given by experts of various fields. This training will not be free, and
charges will cost the firm per employee.
Packages Level 1 Level 2
Advanced software training
» Self assessment tools
» 3 hours class
» 3 online modules
» $150 per employee
» 7 hour blended real time online class
» 3 – in person seminars
» $250 per employee
Advanced skills training
» Self assessment tools
» 4 hours class
» 7 online modules
» One on One evaluation
» $150 per employee
» 4 hour blended real time online class
» 3 coaching sessions
» $250 per employee
Training module 1
» Self assessment tools
» 4 hours class
» 3 online modules
» Role playing
» $150 per employee
» 3 hour blended real time online class
» 3 coaching sessions
» 3-hour role playing
» $250 per employee
Training module 2
» Self assessment tools
» 4 30 min. podcasts
» 3 online modules
» Role playing
» $150 per employee
» 5 hour blended real time online class
» 3 in person seminars
» 3-hour role playing
» $250 per employee
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
38. 07
Table Of Contents
38
Impact Analysis
» Effective Security Management
» Implementing Cybersecurity Framework
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
39. Impact Analysis – Effective Security Management
39
Focus Areas Q1 Q2 Q3 Q4
No. of systems where security
requirement not met
120 60 40 20
Unauthorized IP addresses, ports
& traffic
1520 1200 450 200
No. of access rights authorized,
revoked, reset or changed
120 102 82 42
No. of incidents damaging public
image
15 10 5 2
No. of malicious codes prevented 251 221 182 120
No. of actual access violations XX XX XX XX
No. of security incidents XX XX XX XX
Add text here XX XX XX XX
Add text here XX XX XX XX
This slide portrays information regarding how firm is successful in handling security issues/events and is able in reducing the occurrence of events.
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
40. Impact Analysis – Implementing Cybersecurity Framework
40
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Recover
Respond
Detect
Protect
Identify
Performance
NIST
Core
Functions
Met Partially Met Not Met
CSF Metric Start Current Target Trend
Controls Met 45% 60% 85% Improving
This slide portrays information regarding the impact of successful implementation of cybersecurity framework or core functional areas. This slide portrays how IT department is progressing on
different aspects.
This graph/chart is linked to excel, and changes automatically based on data. Just left click on it and select “Edit Data”.
41. 08
Table Of Contents
41
Dashboard
» Incidents Tracking
» Cyber Risk Management
This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
42. This slide is 100% editable. Adapt it to your needs and capture your audience's attention.
Dashboard – Incident Tracking
42
This slide portrays information regarding the dashboard that firm will track various incidents detected. These incidents will be managed in order to avoid cybersecurity risks.
Alerts 1Hr 24Hr
High 0 6
Medium 0 0
Low 0 1
Incidents Open - 0 Closed - 0
Application Whitelisting
Top 4
Alerts 1Hr 24Hr
High 0 0
Medium 0 0
Low 0 0
Alerts 1Hr 24Hr
High 0 0
Medium 0 4
Low 0 1
Alerts 1Hr 24Hr
High 0 3
Medium 0 0
Low 0 0
Patch Applications
Top 4
Patch Operating Systems
Top 4
Restrict Admin Privileges
Top 4
Incidents Open - 0 Closed - 0 Incidents Open - 0 Closed - 0 Incidents Open - 0 Closed - 0
Alerts 1Hr 24Hr
High 0 0
Medium 0 0
Low 0 0
Incidents Open - 0 Closed - 0
Disable untrusted
Microsoft Office Macros
Alerts 1Hr 24Hr
High 0 0
Medium 0 0
Low 0 0
Alerts 1Hr 24Hr
High 0 0
Medium 0 0
Low 0 0
Alerts 1Hr 24Hr
High 0 0
Medium 0 0
Low 0 0
User Application
Hardening
Multi-Factor
Authentication
Daily backup of
important data
Incidents Open - 0 Closed - 0 Incidents Open - 0 Closed - 0 Incidents Open - 0 Closed - 0
43. Total # of Risk Ratings
Rare Unlikely Moderate Likely Almost Certain
40 50 40 2 3
60 40 50 50 3
50 108 150 160 104
140 207 101 90 80
200 404 106 102 20
Dashboard – Cyber Risk Management
43
16
16
18
19
66
0 10 20 30 40 50 60 70
Internal Medicine - Davidson
Regional Medical Center
Asheville Vascular Care
Internal Medicine East
General Hospital
# Risks >= Threshold: Top 5 Entities
This graph/chart is linked to excel, and changes automatically based on data. Just left click on it and select “Edit Data”.
This slide portrays information regarding the dashboard that firm will use to manage cyber risks. The dashboard will provide clear picture of risk prevailing and how they are treated to technical
engineers and board level executives.
Severe
Major
Moderate
Minor
Insignificant
Risk Analysis Progress
87.5%
Response progress for
Risks >= Threshold
56.2%
% Risks >= Threshold
37.5% 391
# of Risks >= Threshold
Average Risk Threshold – 12.3
Risk Heat Map Action Plan Breakdown
Deferred,
1.9%
Implemented,
32.9%
TBD,
57.6%
Planned,
7.6%
Risk Rating Breakdown
Critical
Risk, 2%
High Risk,
13%
Medium
Risk, 40%
Low
Risk, 45%
25
67
33
44
28
0 20 40 60 80
Overly trusting employees
Physical Security
Dormant Accounts
Excessive user permissions
Encryption vulnerabilities
# Risks >= Threshold: Top 5 Vulnerabilities
46. This slide portrays information about how firm will assess different alternate sites on certain parameters such as implementation cost, hardware and telecommunication connection requirement, setup
time, location.
Cyber Security Governance
46
Organisation
objectives
Security
Requirements
Security
Programs
Implementation
Security Objectives
Monitor/Metrics
Reporting Trend Analysis
Business Strategy
Risk Management/Information
Security Strategy
Security Action Plan, Policies, Standards
Senior
Management
Steering Committee and
Executive Management
CISO/
Steering Committee
47. 30 60 90 Days Plan
47
This slide portrays information about how firm will assess different alternate sites on certain parameters such as implementation cost, hardware and telecommunication connection requirement, setup
time, location.
This slide is 100% editable. Adapt it to your
needs and capture your audience's attention.
Text Here
This slide is 100% editable. Adapt it to your
needs and capture your audience's attention.
Text Here
This slide is 100% editable. Adapt it to your
needs and capture your audience's attention.
Text Here
30
60
90
Days
Days
Days
48. Financial
48
Revenue
This slide is 100%
editable. Adapt it to
your needs and
capture your
audience's attention.
245
$
Deposits
This slide is 100%
editable. Adapt it to
your needs and
capture your
audience's attention.
432
$
Net Income
This slide is 100%
editable. Adapt it to
your needs and
capture your
audience's attention.
352
$
This slide portrays information about how firm will assess different alternate sites on certain parameters such as implementation cost, hardware and telecommunication connection requirement, setup
time, location.
49. 70%
50%
20%
60%
20%
0%
10%
20%
30%
40%
50%
60%
70%
80%
2016 2017 2018 2019 2020
In
Percentage
Financial Year
Clustered Column
49
This slide portrays information about how firm will assess different alternate sites on certain parameters such as implementation cost, hardware and telecommunication connection requirement, setup
time, location.
Product 01
This graph/chart is linked to excel, and
changes automatically based on data. Just
left click on it and select “Edit Data”.
Product 02
This graph/chart is linked to excel, and
changes automatically based on data. Just
left click on it and select “Edit Data”.
50. Dashboard
50
This slide portrays information about how firm will assess different alternate sites on certain parameters such as implementation cost, hardware and telecommunication connection requirement, setup
time, location.
Minimum
This graph/chart is linked to
excel, and changes automatically
based on data. Just left click on it
and select “Edit Data”.
0%
20%
50%
80%
100%
10%
30%
40% 60%
70%
90%
30%
Medium
This graph/chart is linked to
excel, and changes automatically
based on data. Just left click on it
and select “Edit Data”.
0%
20%
50%
80%
100%
10%
30%
40% 60%
70%
90%
50%
Maximum
This graph/chart is linked to
excel, and changes automatically
based on data. Just left click on it
and select “Edit Data”.
0%
20%
50%
80%
100%
10%
30%
40% 60%
70%
90%
70%
51. Our Team
51
This slide is 100% editable.
Adapt it to your needs and
capture your
audience's attention.
Krystal Jung
designer
This slide is 100% editable.
Adapt it to your needs and
capture your
audience's attention.
Theo James
designer
This slide is 100% editable.
Adapt it to your needs and
capture your
audience's attention.
Adam Levine
designer
This slide portrays information regarding the amount that is spend by firm in settling cases of cybersecurity failures which not only consider as financial losses but hampered firm’s public image.
52. Our Mission
52
This slide is 100% editable. Adapt it to your
needs and capture your audience's attention.
Vision
This slide is 100% editable. Adapt it to your
needs and capture your audience's attention.
Mission
This slide is 100% editable. Adapt it to your
needs and capture your audience's attention.
Goal
This slide portrays information regarding the amount that is spend by firm in settling cases of cybersecurity failures which not only consider as financial losses but hampered firm’s public image.
53. Monday Tuesday Wednesday Thursday Friday Saturday Sunday
Text Here - - Text Here
Text Here Text Here
-
Text Here - Text Here
Text Here -
-
Text Here - - Text Here
Weekly Timeline with Task Name
53
This slide portrays information about how firm will assess different alternate sites on certain parameters such as implementation cost, hardware and telecommunication connection requirement, setup
time, location.
Text Here
Text Here
Text Here
Text Here
Text Here
54. Roadmap for Process Flow
54
START
FINISH
This slide is 100%
editable. Adapt it to your
needs and capture your
audience's attention.
Text Here
This slide is 100%
editable. Adapt it to your
needs and capture your
audience's attention.
Text Here
This slide is 100%
editable. Adapt it to your
needs and capture your
audience's attention.
Text Here
This slide is 100%
editable. Adapt it to your
needs and capture your
audience's attention.
Text Here
This slide is 100%
editable. Adapt it to your
needs and capture your
audience's attention.
Text Here
This slide is 100%
editable. Adapt it to your
needs and capture your
audience's attention.
Text Here
01
02
03
04
05
06
This slide portrays information about how firm will assess different alternate sites on certain parameters such as implementation cost, hardware and telecommunication connection requirement, setup
time, location.