{
  "docId": "019dd923-5de0-76bd-a169-54303fbbe19b",
  "docSlug": "0ec770bd87313ce8",
  "documentTitle": "The CEO’s Guide to Cybersecurity",
  "authorId": "BCG",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.784,
  "pageNumber": 10,
  "pageCount": 15,
  "prevPage": 9,
  "nextPage": 11,
  "slideType": "section_divider",
  "function": "transition",
  "density": "dense",
  "nDataPoints": 2,
  "notes": "The slide uses a large '7' as a section marker, typical of a deck structure.",
  "elementsJson": [
    "paragraph",
    "numbered_list"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a169-54303fbbe19b/10",
  "deckHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b#slide-10",
  "components": [
    {
      "bbox": {
        "h": 0.02,
        "w": 0.2,
        "x": 0.36,
        "y": 0.47
      },
      "kind": "callout",
      "text": "FOLLOW-UP QUESTIONS",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "32cc0c8a-810e-493a-9ec9-99f7f73fcadc",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": null,
      "kind": "callout",
      "text": "The beauty of a cybersecurity program is that all initiatives ultimately lead back to tangible risks, which allows for your organization to establish a quantifiable action to address said risk.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-fefa-773b-abc6-7f3f39554c14",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.45,
        "x": 0.36,
        "y": 0.5
      },
      "kind": "list",
      "text": "What KPIs do you use?\nDo you have leading or lagging indicators of our organization's cyber health?",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "185c778d-6ea9-4624-a6a0-2bc13ed7b3bb",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.11,
        "w": 0.72,
        "x": 0.14,
        "y": 0.36
      },
      "kind": "paragraph",
      "text": "But one of the most exciting elements of building an evolving security program is that as your program matures, your metrics become more advanced. You begin to establish Key Risk Indicators (KRI) and Key Performance Indicators (KPI) that can tie back to monetary values. For example, you might scope the expected impact of a ransomware attack to your organization once every four years and calculate that the expected impact of the attack would be $500,000. Divided across four years, you've successfully just calculated an annualized expected cost of $125,000 for your organization that can now be budgeted for.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "5d4417ad-33e6-4ead-bd37-83188eb9eb52",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.72,
        "x": 0.14,
        "y": 0.22
      },
      "kind": "paragraph",
      "text": "In order to maintain an ever-evolving, ever-maturing security program, it's paramount that your organization leverage clear objectives and metrics wherever possible. The beauty of a cybersecurity program is that all initiatives ultimately lead back to tangible risks, which allows for your organization to establish a quantifiable action to address said risk.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "980667ca-2fcc-4aa4-b1b4-ff9ffee97e81",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.04,
        "w": 0.72,
        "x": 0.14,
        "y": 0.31
      },
      "kind": "paragraph",
      "text": "These quantified metrics can be something simple, like a calculation of how many of your IT controls passed vs. failed during an assessment, or how many new hires had a background check and how many did not.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "df4545b8-b02c-4f8a-9acc-2784e49b1764",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.65,
        "x": 0.08,
        "y": 0.14
      },
      "kind": "title",
      "text": "7 How do you measure and manage our cybersecurity program?",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "ba100900-3c50-4c49-afb2-9f39f23adf44",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Anaphora",
      "slug": "anaphora",
      "agent": "Storyteller",
      "layer": "loop",
      "matchId": "019dd95a-14f6-720d-8375-73c1a6d91c6b",
      "evidence": "Continues 'How do you...' question opener pattern across Q7-Q10",
      "confidence": 70
    },
    {
      "name": "Action Titles",
      "slug": "action-titles",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-6973bea414dd",
      "evidence": "Title 'How do you measure and manage our cybersecurity program?'",
      "confidence": 80
    },
    {
      "name": "Pyramid Principle",
      "slug": "pyramid-principle",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "2e7a68df-e557-4679-9d9f-8f209951c964",
      "evidence": "But one of the most exciting elements of building an evolving security program is that as your program matures, your metrics become more advanced.",
      "confidence": 0.7
    },
    {
      "name": "So What? Test",
      "slug": "so-what-test",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-6ffbe15b2137",
      "evidence": "Callout states the so-what: 'all initiatives ultimately lead back to tangible risks'",
      "confidence": 70
    }
  ],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 11,
      "from": 10,
      "beatId": "019dd95a-0702-74a3-87e1-6dec5482820e",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Solution & Approach",
      "beatSlug": "consultants-gambit-solution-approach",
      "evidence": "Q7-8 prescribe measurement program and budget allocation method",
      "position": 3,
      "confidence": 55,
      "parentBeatName": "Turn",
      "parentBeatSlug": "turn"
    }
  ],
  "loops": [
    {
      "to": 14,
      "from": 10,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-088c-724c-b30e-0316b53f0e64",
      "evidence": "Q7-Q11 cover distinct management levers: measurement, budget, threat outlook, talent, current risks",
      "position": 2,
      "objective": "Enumerate the operational/strategic management dimensions of a cybersecurity program",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 65,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}