Cybersecurity Board Reporting

A common challenge for security programs is finding a way to translate the effectiveness of the information security program to the executive C-suite and Board of Directors. Reports need to strike a balance between understandability and accuracy. There are two major considerations when deciding on your approach to reporting metrics to the Board. First, understand the roles and objectives of the Board and what they are concerned about. As security professionals, we get too deep into the technical details of our job, forgetting that the business as a whole does not have the same operational objectives and measures as we do. We need to step into the perspective of the Board and understand t

Perform Control Implementation on a System

In Part 3 of the Assessment Accelerator, we will review how AA can rapidly perform control implementation for your organization. By this time, you have already categorized your system and set the assessment view, or the assessment plan to be performed. If you have not, review Part 2 of this post. Navigate your cursor to the topmost row of the control to be assessed under the column M – Implementation Status. Select the applicable Implementation Status from the AA Menubar, and the selected implementation status will be marked for the control. Additional implementation statuses can be selected by expanding the + icon. In the Implementation Details, you can enter the Observation and Evidence

How to Set Up an Assessment for a System using Assessment Accelerator

In Part 2 of Assessment Accelerator, we will explore how quickly a system can be set up for an assessment according to an assessment plan. From the AA toolbar, select the System Information Setting button. From the Configuration Settings form, enter the System Information for the information system to be assessed. Categorization is important because it defines the security control baseline for the assessment plan. Other attributes such as Type of System and Exposure are strictly metadata at this time. Select the assessment plan to be conducted. The controls for the assessment plan are listed in the Assessment Plan tab by categorization. To add or remove a control from the list, simply add o

© 2017-2020 Caplock Security LLC
