aeReports - Create Executive Reports
Reports tailored for executive and board level presentation
Management needs help in understanding the true nature of the risk. Your safety program manages safety risk, your environmental program manages environmental risk, but there really is no such thing as ‘cyber risk’. Cyber is a pathway, mechanism, or technique that can be exploited to put your entire company at risk (e.g., revenue, shareholder value, reputation, intellectual property, customers, supply chain, license to operate, and more). Cyber risk is an amplification of all the other risks that you already care about. Cybersecurity should not be viewed as a technology problem, it should be viewed as an enterprise risk management issue.
Just as environment, health and safety (EHS) and IT competencies and departments were added in the 1970s and 80s due to changes in regulations and technology, cybersecurity will now also need to be a competency with the same level of priority and support. Management needs to appreciate this in order to allocate the appropriate resources and with our custom tailored reporting, we can help you accomplish your goals and achieve executive buy in to your cyber program.
Multi-site vulnerability and risk assessments are performed to determine the risk profile of various manufacturing sites and generate a risk register with a prioritized list of recommendations. These results are used by the program management team to develop summary reports for senior management and the board to help develop remediation planning and budget allocation. The reports produced are concise yet deliver the overarching results in a format that is easy to understand, analyze and plan a future road map.
Typically multi-site risk assessments yield hundreds of recommendations spread across several sites. Some recommendations apply across the entire enterprise, while others are site specific. The recommendations may also need to be evaluated against corporate standards as well as industry standards such as NIST CSF and ISA 62443. aeSolutions has developed multiple templates for summarizing and presenting the data. These templates can be customized and adjusted per client specific requirements. Examples of such report templates are shown in the graphics below.
Example 1: A template to map the gap analysis results to NIST Tiers – Partial, Risk Informed, Repeatable, and Adaptive
Example 2: Risk based view of the site risk profile (Risk rankings High, Medium, Low)
Learn more about effectively engaging your executive team to ensure they understand that cyber risk is business risk, and that they must ‘own’ cyber risk in order to create a cybersecurity culture through commitment and accountability.