Strategy+ Approach Aligns CxOs with 2020 NACD Cyber Risk Guidelines
Coalfire, a provider of cybersecurity advisory and assessment services, today introduced a novel method for cybersecurity strategy that spans the three risk-oriented dimensions of CxO oversight – business alignment, performance management, and controls discipline. Strategy+ was designed in accordance with the 2020 NACD (National Association of Corporate Directors) risk oversight guidelines, with the goal of bringing executive leadership teams closer to mission-critical cyber decision-making.
“For the last 20 years, cyber risk management has been the cornerstone of Coalfire,” said Tom McAndrew, chief executive officer. “Today, with our clients moving to the cloud along with this pandemic pushing operational and workforce boundaries, executive leadership in our digital world must prioritize cyber strategy. Our Strategy+ program brings proven principles for strategic planning, enabling executives and boards to balance security with business objectives.”
Most organizations are evaluated along only one dimension, focusing on security controls discipline across compliance frameworks and standards requirements. Coalfire incorporates the additional dimensions of business alignment and performance management into a holistic design, governance, and execution methodology. Enterprises can now integrate accepted standards and practices into the Strategy+ 3-D model to assess their cybersecurity programs.
The Strategy+ program is the first to market to encompass elements of business strategy and performance management, combining best-practice principles established by the NACD to achieve the following outcomes:
Build stakeholder understanding of cybersecurity “why and how”
Align security posture with business objectives
Establish priorities, adjust culture, and optimize organizational behavior
Match cyber strategy at both enterprise and functional levels
Evaluate cyber maturity and effectiveness
Gain management input and buy-in for the cyber roadmap
Enable CxO dashboard oversight of KPIs and market performance metrics
“Organizations spend significant time and money managing risk, and far too often, management seeks to solve cyber through the prism of technology and controls alone, resulting in a disconnect with business objectives,” said Mark Carney, executive vice president, cybersecurity services. “With Strategy+, CxOs can adopt a new risk management mindset, and recalibrate cyber risk programs from a cost center to a business accelerator. Strategy+ is our launch pad to demonstrate our commitment to business executives that want to be world-class in cyber.”