CIO Scoreboard Overview


The CIO Scoreboard: Empowering CIOs through IT Security Strategy and Risk Management

Visualization is the Key

What if in 10 seconds you could explain to the business the current state of your IT Security program…

Visualization is the Key

Board/CEO Reporting Level

Output from this

IT Security & Risk Management Flow

CIO – Opinion Management

Security Vendor HW and SW

Internal &/or External Audit

Internal Staff

Regulator: FFIEC, HIPAA, PCI, etc.

Integrator

Whose Opinion Do you Follow?

Media, Gartner/Think Tank

Language

Security is a Verb and not a Noun

Hustle Curve for Compliance

Transparency

Human Error

50+ Security Domains with Complete Transparency

50+ Security Domains

Risk & Criticality Assignment

Risk Rating

Common Language

Visualization is the Key

Point in Time Analysis

Overview of Process Methodology

Three Stages

1. Risk assignment – actual Technical Security Reality State

2. Criticality assignment – the order in which the business should/needs to do things due to technical fundamentals, true audit issue, actual threat risk

3. Gap review – the technical reality of where you are compared to where you need to be

The CIO Scoreboard allows you to:

• Measure and analyze the current state of IT Security Risk in your company

• Demonstrate and prove IT Security execution

• Develop and show a roadmap of investment needed to fix weaknesses and problems within the enterprise
