{
  "docId": "019dd923-5de0-76bd-a169-54303fbbe19b",
  "docSlug": "0ec770bd87313ce8",
  "documentTitle": "The CEO’s Guide to Cybersecurity",
  "authorId": "BCG",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.784,
  "pageNumber": 14,
  "pageCount": 15,
  "prevPage": 13,
  "nextPage": 15,
  "slideType": "diagnosis",
  "function": "diagnose",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "The slide uses a '11' numbering, likely indicating a section or sequence number. It includes a decorative wave graphic.",
  "elementsJson": [
    "paragraph",
    "numbered_list"
  ],
  "metadataConfidence": 0.95,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a169-54303fbbe19b/14",
  "deckHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b#slide-14",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "Managing risk and ensuring continuity takes an organization level commitment to a culture of resilience.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-fefa-773b-abc7-222bac9891bf",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.5,
        "x": 0.36,
        "y": 0.47
      },
      "kind": "list",
      "text": "Are we monitoring for threats across the enterprise specific to our risk?\nDoes our monitoring include non-persistent connection (e.g., BYOD, remote workers, IoT)?\nWhat is our visibility to attack life cycle? What do you see? Where? When?\nHow do we manage our supply chain threats?\nDo you know your actual attack surface?",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "eb28e4b6-ae8c-489d-9e99-731a738a173b",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.2,
        "w": 0.72,
        "x": 0.14,
        "y": 0.26
      },
      "kind": "paragraph",
      "text": "Managing risk and ensuring continuity takes an organization level commitment to a culture of resilience. Many areas for improvement are operational: a lack of proper planning and preparation for adversity, siloed teams without insight into systemwide operational interdependencies or aligned to business risk, and the transformation of risk management to an operational activity. Resilience requires bringing the areas of risk management, business continuity, and IT/Dev/Sec ops together to produce a secure by design operational process supporting mission critical functions.\n\nOf course, each business is different, and not all data, infrastructure, applications, systems, and source code are equally mission-critical or valuable to that organization. On the other hand, access to some seemingly less critical systems can serve as an entry point for an attacker as everything is connected and one human or technical error can lead to a crippling attack.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "532f0b71-5c08-447b-9a3c-f500faf9e381",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.72,
        "x": 0.14,
        "y": 0.2
      },
      "kind": "paragraph",
      "text": "How do we know we have full visibility of those threats? Do we have visibility across all systems or just critical infrastructure? What steps (if any) have we done to reduce them?",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "71dec8a0-1bb9-4c21-9288-aa2672364a23",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.65,
        "x": 0.14,
        "y": 0.14
      },
      "kind": "title",
      "text": "What types of risks are currently threatening our network/systems?",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "3ce53f1c-b711-40bc-ad4d-53c59f7d0eaf",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.2,
        "x": 0.36,
        "y": 0.44
      },
      "kind": "title",
      "text": "FOLLOW-UP QUESTIONS",
      "attrs": null,
      "subkind": "subtitle",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "7505ae96-71c8-4592-80ca-5bde4d6941e0",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Action Titles",
      "slug": "action-titles",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-90a779167daf",
      "evidence": "Title 'What types of risks are currently threatening our network/systems?'",
      "confidence": 80
    },
    {
      "name": "Closing Techniques",
      "slug": "closing-techniques",
      "agent": "Storyteller",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-96102d59075d",
      "evidence": "Callout closes with the vision line: 'a culture of resilience'",
      "confidence": 60
    }
  ],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 15,
      "from": 14,
      "beatId": "019dd95a-0702-74a3-87e1-75a62047f8be",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Impact & Next Steps",
      "beatSlug": "consultants-gambit-impact-next-steps",
      "evidence": "Q11 culture-of-resilience close + CompTIA advisor authority backstop",
      "position": 5,
      "confidence": 55,
      "parentBeatName": "Resolution",
      "parentBeatSlug": "resolution"
    }
  ],
  "loops": [
    {
      "to": 14,
      "from": 10,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-088c-724c-b30e-0316b53f0e64",
      "evidence": "Q7-Q11 cover distinct management levers: measurement, budget, threat outlook, talent, current risks",
      "position": 2,
      "objective": "Enumerate the operational/strategic management dimensions of a cybersecurity program",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 65,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}