What We Do and How We’re Different

Last week, I told you a little bit about Cyber Risk Opportunities: Who we are, why we exist, and who we help.

Now, let me tell you how we fulfill our mission (help executives thrive as cyber risk managers) and how we’re different.

What We Do

It’s clear to us that the Federal Trade Commission (FTC), along with various laws and regulations, requires you to meet the “reasonable cybersecurity” standard.

Our year-long Cyber Risk Managed Program (MP) helps you do that.

There are three phases to the MP:

1. Measure & Score: Over the first 30 days, your prioritized list of cyber risks is generated from a single data set using the NIST Cybersecurity Framework (a new, rapidly spreading standard) and our own scoring system. We can include all the compliance reporting you need for HIPAA, PCI, ISO27001, SOC2, DFARS, and others.

2. Cyber Risk Mitigation Plan with Business Value Analysis: By day 60 of working with us, we provide a prioritized list of actions you need to take to show that you are being “reasonable” with respect to cyber risk management. The Plan coordinates your people, process, technology, and management into a powerful combination. We describe the benefits of each step, including risk reduction, increased systems reliability, greater indemnity, and even return on investment.

3. Maintenance & Updates: For the next ten months, we walk out your cyber risk mitigation plan with you during our monthly and quarterly meetings. Our goal is to keep you moving by removing blocks and celebrating your major accomplishments.

After phases 1 and 2, you get a complete scorecard that fits on one double-sided, printed page (or on your iPad).

From a legal perspective, we’ve designed our offerings “backward from the lawsuit”. Our deliverables can support your “reasonableness” in front of a judge and jury, should you find yourself in that situation. To give you the most legal advantage in any situation, by working through outside counsel, we can perform our work under attorney-client privilege. That allows you to decide when and where to share details about your cyber risks.

If an MP isn’t right for you, we can perform the first two phases as a one-time Cyber Risk Assessment (CRA). Then you can walk out your Cyber Risk Mitigation Plan on your own or with help from another partner.

How We’re Different:

There are three significant ways we’re different from our competition:

1. Priority

One of the most important things we do is answer these questions for our customers: “What’s my top priority?” and “What’s the best use of my next cyber risk management dollar?”

And we don’t do it with dots scattered on heat maps. You get a clearly numbered list.

2. Business Value

There are important people at work who aren’t cyber risk experts, but who need to know what’s going on: Fellow executives, major investors, and your biggest customers. When you wonder “How do I explain our cyber risk situation to my stakeholders?” look to us to provide you with clear communications tools and business-oriented content.

3. Independent Leadership

Anytime you allow someone to perform a cybersecurity assessment, you should wonder, “How can I trust these results?”

Cyber Risk Opportunities is led by me, a former (and current virtual) CISO who sees the cyber risks as you do: as a senior manager.

Moreover, our business model doesn’t require you to buy any follow-on services from us. And we don’t resell hardware, software, or anything else that will skew our analysis towards a pre-determined risk mitigation strategy.

Get in touch today to learn more and take advantage of a free 30-minute Q&A session with one of our cyber risk experts. Call 253-332-7867, or email us at info@cyberriskopportunities.com.
