5 Establishing the foundation

This chapter covers

  • Implementing effective cybersecurity governance
  • Roles and responsibilities in securing your organization’s digital identity
  • Risks associated with third-party vendors and supply chains

This chapter explores governance as a concept and examines identity in cybersecurity to determine which metrics can effectively measure these critical areas. A solid foundation rooted in an industry-trusted framework is essential for this analysis. Yet, with so many frameworks available, selecting the right one for your organization can feel overwhelming.

When starting in cybersecurity and conducting risk gap assessments, teams often need to investigate several frameworks to find the one that aligns with their processes and consistently delivers value. A well-chosen framework helps identify best practices and develop mitigation strategies to close identified gaps. To measure cybersecurity effectively, using a framework that resonates with your organization’s specific needs and goals is essential. While frameworks differ in structure and terminology, their core concepts are consistent across the industry. This ensures that the principles discussed in this book remain applicable, regardless of your chosen framework.

This chapter demonstrates how these foundational concepts shape cybersecurity through practical examples and scenario-based learning, preparing your organization to meet future challenges confidently.

5.1 Governance

5.2 Organizational context

5.2.1 Understanding the differences between mission, vision, and values

5.2.2 Strategic objectives

5.2.3 Organizational metrics

5.2.4 Organizational metrics exercise

5.3 Risk management strategy

5.3.1 Risk mitigation

5.3.2 Risk management metrics

5.3.3 Risk management metrics exercise

5.4 Roles, responsibilities, and authorities

5.4.1 Roles, responsibilities, and authorities metrics

5.4.2 Roles and responsibilities metrics exercise

5.5 Policy, processes, and procedures

5.5.1 Policy, processes, and procedures metrics

5.5.2 Policy, processes, and procedures metrics exercise

5.6 Oversight

5.6.1 Governance structure

Summary