{
  "docId": "019dd923-5de0-76bd-a169-54303fbbe19b",
  "docSlug": "0ec770bd87313ce8",
  "documentTitle": "The CEO’s Guide to Cybersecurity",
  "authorId": "BCG",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.784,
  "pageNumber": 3,
  "pageCount": 15,
  "prevPage": 2,
  "nextPage": 4,
  "slideType": "key_messages",
  "function": "frame_problem",
  "density": "overcrowded",
  "nDataPoints": 0,
  "notes": "The slide introduces two foundational questions: 'Are you sure?' and 'Why are you sure?' as a baseline for evaluating cybersecurity information.",
  "elementsJson": [
    "headline_text",
    "paragraph"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a169-54303fbbe19b/3",
  "deckHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b#slide-3",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "Cybersecurity expectations should be measured against the reality of implementation of processes, procedures, education, and verification.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-fefa-773b-abc6-2743a66e640f",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.085,
        "w": 0.605,
        "x": 0.198,
        "y": 0.675
      },
      "kind": "list",
      "text": "Are you sure? Cybersecurity expectations should be measured against the reality of implementation of processes, procedures, education, and verification. False assumptions or beliefs about security conditions are often found after a major security incident.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "4100a8ad-df90-4336-b31a-f60b109889c3",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.065,
        "w": 0.605,
        "x": 0.198,
        "y": 0.775
      },
      "kind": "list",
      "text": "Why are you sure? Refrain from basing a business decision after being told that “all is good” without supporting evidence from responsible parties. Request or even require independent testing based on the outcome expected.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "4679b4ef-7549-4508-abd0-1fd6a36da7e2",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.045,
        "w": 0.605,
        "x": 0.198,
        "y": 0.535
      },
      "kind": "paragraph",
      "text": "CompTIA's Cybersecurity Advisory Council has developed a series of questions to ask within your organization to ensure that you have a complete security picture in order to make the best decisions for the company.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "27e2e28b-6623-4790-8a7f-4208a522be6c",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.085,
        "w": 0.605,
        "x": 0.198,
        "y": 0.375
      },
      "kind": "paragraph",
      "text": "The best business decisions are often made based on senior leadership's confidence in facts, figures and calculations made by appropriate parties within the organization. Relying on gut instinct—or worse, potentially false or incomplete information—is a dangerous road to travel, especially in cybersecurity.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "5d362a58-389e-4253-8467-cccdf938e522",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.045,
        "w": 0.605,
        "x": 0.198,
        "y": 0.585
      },
      "kind": "paragraph",
      "text": "Note: It's important that the person/people answering the questions recognize that they are obligated to share any and all pertinent information germane to the larger decisions being made, whether a direct request was made or not.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "5ebe9d18-f4f7-4dcf-8562-9446f2383366",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.065,
        "w": 0.605,
        "x": 0.198,
        "y": 0.465
      },
      "kind": "paragraph",
      "text": "Whereas a gut instinct may work in marketing, sales, or other facets of the business, the planning, implementation, and verification of security operations require facts to be complete and accurate. You need to have all the answers to every possible question at any time.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c702dce9-ad70-416d-85ac-4a6fa492b1f5",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.03,
        "w": 0.605,
        "x": 0.198,
        "y": 0.635
      },
      "kind": "paragraph",
      "text": "For each of the questions below, keep in mind that responses should also address the following questions/criteria as a baseline:",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "d6273a10-0c15-4eaa-b4bf-e10b8e472b21",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.21,
        "w": 0.41,
        "x": 0.198,
        "y": 0.155
      },
      "kind": "title",
      "text": "Cybersecurity Questions that All CEOs Need to Ask",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "94bc0fc3-da55-41d8-acf8-add336286486",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Issue Tree",
      "slug": "issue-tree",
      "agent": "Architect",
      "layer": "block",
      "matchId": "019dd95a-14f6-720d-8375-2c15b830cfd1",
      "evidence": "Decomposes 'Are we safe?' into 11 testable sub-questions",
      "confidence": 60
    },
    {
      "name": "MECE Principle",
      "slug": "mece-principle",
      "agent": "Architect",
      "layer": "block",
      "matchId": "019dd95a-14f6-720d-8375-2a0b2ecd6716",
      "evidence": "Frames the eleven questions as a complete, non-overlapping audit set",
      "confidence": 70
    },
    {
      "name": "Anaphora",
      "slug": "anaphora",
      "agent": "Storyteller",
      "layer": "loop",
      "matchId": "019dd95a-14f6-720d-8375-25279c3bdcbf",
      "evidence": "Sets up the 'Are you...? / Why are you...?' repetition pattern reused across questions",
      "confidence": 75
    },
    {
      "name": "Action Titles",
      "slug": "action-titles",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-19a455da6f10",
      "evidence": "Title 'Cybersecurity Questions that All CEOs Need to Ask' states the slide's payload",
      "confidence": 80
    },
    {
      "name": "Authority Bias",
      "slug": "authority-bias",
      "agent": "Storyteller",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-1fd26932887c",
      "evidence": "Cites 'CompTIA's Cybersecurity Advisory Council' as the question source",
      "confidence": 80
    },
    {
      "name": "Concrete Language",
      "slug": "concrete-language",
      "agent": "Storyteller",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-223e34e04da7",
      "evidence": "Pulls out 'Are you sure?' / 'Why are you sure?' as concrete baseline questions",
      "confidence": 70
    }
  ],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 3,
      "from": 1,
      "beatId": "019dd95a-0702-74a3-87e1-64c707d12a09",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Situation & Context",
      "beatSlug": "consultants-gambit-situation-context",
      "evidence": "Cover hook 'Are We Safe?', TOC, intro on why CEOs must ask these questions",
      "position": 1,
      "confidence": 55,
      "parentBeatName": "Setup",
      "parentBeatSlug": "setup"
    }
  ],
  "loops": [
    {
      "to": 9,
      "from": 3,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-088c-724c-b30d-fd91b0cb420d",
      "evidence": "Intro frames the question set, then six distinct, non-overlapping diagnostic questions (assets, training, strategy, attack vectors, recovery, prevention)",
      "position": 1,
      "objective": "Enumerate the foundational cybersecurity readiness questions a CEO must diagnose",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 70,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}