Risk Assessment and Cybersecurity Plan Presented by Ron Fleming



SLIDE 1

Risk Assessment and Cybersecurity Plan

Presented by Ron Fleming President, Cross Link Group September 16, 2019

SLIDE 2

Cross Link Group (CLG) History

  • Started in 1996 to serve only ministries to the glory of God
  • Currently servicing over 50 ministries including several financial ministries
  • 23 years of CEO/CIO technology leadership experience in ministry
  • CLG provides technology services in:
    • Cybersecurity and Compliance Risk Assessment
    • Enterprise Technology Assessments and Strategic Planning
    • Large Software Projects Delivery and Rescue
    • Network Infrastructure
    • Service Desk

SLIDE 3

What is a Security Framework?

A Logical and Comprehensive Top Down Method to Measure Cybersecurity and Compliance Risk Mitigation

SLIDE 4

Cybersecurity Policy Packet

  • Almost 50 industry-related standard policies are necessary for financial ministries
  • Policies need to be based on top national and international standards bodies and best practices (NIST, COBIT, ITIL, etc.)
  • Policies need to take into consideration data privacy requirements (FDIC, PCI DSS, HIPAA, NACHA, GDPR, etc.)
  • Policies should help drive Enterprise Risk Management for your ministry

SLIDE 5

Policy Dashboard**

**CoNetrix Tandem is the tool of choice to provide policy/risk management

SLIDE 6

List of Policies**

**CoNetrix Tandem is the tool of choice to provide policy/risk management

SLIDE 7

Information Cybersecurity Risk Assessment

  • Initial Cybersecurity Risk Assessment informs the organization of compliance/cybersecurity risks and the process to mitigate those risks
  • Based on industry-related data and questionnaire, a preliminary Risk Residual dashboard should be followed
  • The Cybersecurity Policy Packet and Risk Assessment results should be quantified in the Risk Residual dashboard for the organization
  • The Risk Residual dashboard highlights security threats and vulnerabilities that can be identified and mitigated based on timeline and budget

SLIDE 8

Risk Residual Dashboard**

**CoNetrix Tandem is the tool of choice to provide policy/risk management

SLIDE 9

Security Threats**

**CoNetrix Tandem is the tool of choice to provide policy/risk management

SLIDE 10

Cybersecurity Risk Management Plan

(Often State and Federal Legislation Required)

  • Evaluate and adjust/accept the threats and vulnerabilities given the org’s risk tolerance
  • Threats and vulnerabilities are ranked based on severity
  • Business processes/procedures will be defined to address user-related threats
  • A Cybersecurity Partner like Cross Link Group can create the plan and address the technical threats and vulnerabilities according to priorities and budget
  • All threat mitigation is then reflected in the Risk Residual dashboard and reported to the organization’s board and leadership

SLIDE 11

Cybersecurity Mitigation Costs

  • Cost to not mitigate and loss of reputation given a breach
  • Cost of tooling and licensing
  • Cost to mitigate – technical work to address security vulnerabilities
  • Cost to change – new processes and procedures to do work securely
  • Reasonable timeline – staff availability to change technical environment and processes/procedures
  • Risk tolerance – how much can an organization risk

SLIDE 12

How Can You Get Help?

  • Bring a business card to the CrossOlive/Cross Link Group (CLG) booth and we will email you a copy of this presentation
  • Have a Cybersecurity Partner like CLG provide a basic cybersecurity assessment
  • Have the Cybersecurity Partner implement a cybersecurity toolset like CoNetrix Tandem to measure risks
  • Work alongside the Cybersecurity Partner to establish policies, identify risks and determine your risk tolerance
  • Start a process of addressing vulnerabilities according to level of risk and budget
  • Set a goal to reach a level of risk that is wise in protecting your constituents

**CoNetrix Tandem is the tool of choice to provide policy/risk management

Cross Link Group is a Partner of CoNetrix