Risk Assessment and Cybersecurity Plan
Presented by Ron Fleming, President, Cross Link Group
September 16, 2019
Cross Link Group (CLG) History
• Started in 1996 to serve only ministries to the glory of God
• Currently servicing over 50 ministries, including several financial ministries
• 23 years of CEO/CIO technology leadership experience in ministry
• CLG provides technology services in:
  • Cybersecurity and Compliance Risk Assessment
  • Enterprise Technology Assessments and Strategic Planning
  • Large Software Projects Delivery and Rescue
  • Network Infrastructure
  • Service Desk
What is a Security Framework?
A Logical and Comprehensive Top-Down Method to Measure Cybersecurity and Compliance Risk Mitigation
Cybersecurity Policy Packet
• Almost 50 industry-related standard policies are necessary for financial ministries
• Policies need to be based on top national and international standards bodies and best practices (NIST, COBIT, ITIL, etc.)
• Policies need to take into consideration data privacy requirements (FDIC, PCI DSS, HIPAA, NACHA, GDPR, etc.)
• Policies should help drive Enterprise Risk Management for your ministry
Policy Dashboard
CoNetrix Tandem is the tool of choice to provide policy/risk management
List of Policies
Information Cybersecurity Risk Assessment
• Initial Cybersecurity Risk Assessment informs the organization of compliance/cybersecurity risks and the process to mitigate those risks
• Based on industry-related data and a questionnaire, a preliminary Risk Residual dashboard should be followed
• The Cybersecurity Policy Packet and Risk Assessment results should be quantified in the Risk Residual dashboard for the organization
• The Risk Residual dashboard highlights security threats and vulnerabilities that can be identified and mitigated based on timeline and budget
Risk Residual Dashboard
Security Threats
Cybersecurity Risk Management Plan (Often Required by State and Federal Legislation)
• Evaluate and adjust/accept the threats and vulnerabilities given the org’s risk tolerance
• Threats and vulnerabilities are ranked based on severity
• Business processes/procedures will be defined to address user-related threats
• A Cybersecurity Partner like Cross Link Group can create the plan and address the technical threats and vulnerabilities according to priorities and budget
• All threat mitigation is then reflected in the Risk Residual dashboard and reported to the organization’s board and leadership
Cybersecurity Mitigation Costs
• Cost to not mitigate, and loss of reputation given a breach
• Cost of tooling and licensing
• Cost to mitigate – technical work to address security vulnerabilities
• Cost to change – new processes and procedures to do work securely
• Reasonable timeline – staff availability to change the technical environment and processes/procedures
• Risk tolerance – how much can an organization risk
How Can You Get Help?
• Bring a business card to the CrossOlive/Cross Link Group (CLG) booth and we will email you a copy of this presentation
• Have a Cybersecurity Partner like CLG provide a basic cybersecurity assessment
• Have the Cybersecurity Partner implement a cybersecurity toolset like CoNetrix Tandem to measure risks
• Work alongside the Cybersecurity Partner to establish policies, identify risks and determine your risk tolerance
• Start a process of addressing vulnerabilities according to level of risk and budget
• Set a goal to reach a level of risk that is wise in protecting your constituents
Cross Link Group is a Partner of CoNetrix