State of Bourgogne-Franche-Comté case study: how to build a cybersecurity strategy
- Sector: Cybersecurity
- Target: CIO
- About: Cybersecurity Strategy
Context
Our client wanted to challenge his cyber crisis processes. He had the following questions:
1) Which actions should be prioritized in case of a cyberattack?
2) What should be done now?
Our adviser
Olivier D., ex-CISO at Faurecia.
Our answer
Build a Cybersecurity strategy based on:
1. Mapping the company's business and technical risks.
2. Establishing a risk decision posture shared with management, in alignment with industry best practices, applicable standards, and established contracts.
3. Enabling the measurement of the company’s maturity and its progression towards set objectives.
4. Preparing a plan that includes:
- Clear articulation of cyber risk, shared by all departments of the company (Legal, Operations, IT, Finance).
- Striking a balance between prevention, detection, response, control, and auditing activities.
- Achieving a balance between governance, strategy, organization, and technology actions (following the BMIS model), outlined in a strategic plan for 2-3 years, with a more detailed focus on the first year.
- Engaging independent external advisors to support and present the strategy to management, conduct a benchmark assessment of the company, and evaluate the company’s level of resilience.
- Ensuring compliance with applicable standards required by clients and partners, as well as those commonly followed within the industry (e.g., ISO 27001, NIST SP 800-53, CIS Controls).
Outcomes
Our client saved more than 15,000 euros in traditional consulting fees with only two consultations with a top-tier CISO who shared best practices and operational insights. They were able to validate their recovery plan in 3 weeks.