Does anyone have suggestions for research sources or templates for a Cyber Risk Governance Framework? I'm looking for resources to create a board-level document outlining our organization's governance processes and practices.

Security Strategy & Roadmap Security & GRC

13k views1 Upvote16 Comments

Sort by:

CISO in Manufacturing8 months ago

The Gartner Cybersecurity Controls Assessment (CCA) is an excellent tool to measure cybersecurity maturity and align governance processes with industry best practices.

VP of Information Security in IT Services8 months ago

If your need is specific to how you present that to a Board level, and you are a Gartner customer, you may enjoy the latest research PPT : The Gartner doc ID is: ID G00822269 and is called "Security Behavior and Culture Program Dashboard".

authored by Alex Michaels, Richard Addiscott, Will Candrick and Victoria Cason :-)

VP of Information Securitya year ago

If you perform NIST CSF assessments, the graph Link can be a useful tool to visualize and demonstrate cybersecurity maturity, identify areas that need investment, and highlight areas meeting your organization's acceptable maturity targets.

CFOa year ago

Build a board-ready framework! Leverage NIST CSF as a base, tailoring it to your risk profile & regulations. Consider ISO 27001 for a structured governance approach & COBIT for broader IT governance.

CISO in Insurance (except health)a year ago

It depends, Wiz can be used for Governance and Compliance and a tool like Crowdstrike can be used to identity malicious behavior.

Content you might like

Which cybersecurity metrics do you currently use with your board?

How confident are you in letting AI agents take autonomous actions after a SIEM or XDR alert?
Are you using them today? If not, what’s holding you back?

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

Yes65%

No35%

What do you do to recover quickly from early missteps in a new role? How can you keep initial mistakes from coloring perceptions when you’re still trying to establish your reputation at a new organization?

On a scale of 1-5, how would you rate your organization’s ability to successfully protect your organization's operational network (OT) and IT network from a cyber attack?

1. We are not at all prepared.3%

2. We are somewhat prepared.35%

3. We are moderately prepared.21%

4. We are generally prepared.33%

5. We are highly prepared.6%

View Results

Does anyone have suggestions for research sources or templates for a Cyber Risk Governance Framework? I'm looking for resources to create a board-level document outlining our organization's governance processes and practices.

Sort by:

Content you might like

Which cybersecurity metrics do you currently use with your board?

How confident are you in letting AI agents take autonomous actions after a SIEM or XDR alert?
Are you using them today? If not, what’s holding you back?

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

What do you do to recover quickly from early missteps in a new role? How can you keep initial mistakes from coloring perceptions when you’re still trying to establish your reputation at a new organization?

On a scale of 1-5, how would you rate your organization’s ability to successfully protect your organization's operational network (OT) and IT network from a cyber attack?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go

Does anyone have suggestions for research sources or templates for a Cyber Risk Governance Framework? I'm looking for resources to create a board-level document outlining our organization's governance processes and practices.

Sort by:

Content you might like

Which cybersecurity metrics do you currently use with your board?

How confident are you in letting AI agents take autonomous actions after a SIEM or XDR alert?Are you using them today? If not, what’s holding you back?

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

What do you do to recover quickly from early missteps in a new role? How can you keep initial mistakes from coloring perceptions when you’re still trying to establish your reputation at a new organization?

On a scale of 1-5, how would you rate your organization’s ability to successfully protect your organization's operational network (OT) and IT network from a cyber attack?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go

How confident are you in letting AI agents take autonomous actions after a SIEM or XDR alert?
Are you using them today? If not, what’s holding you back?