{
  "docId": "019dd923-5de0-76bd-a169-54303fbbe19b",
  "docSlug": "0ec770bd87313ce8",
  "documentTitle": "The CEO’s Guide to Cybersecurity",
  "authorId": "BCG",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.784,
  "pageNumber": 4,
  "pageCount": 15,
  "prevPage": 3,
  "nextPage": 5,
  "slideType": "diagnosis",
  "function": "diagnose",
  "density": "overcrowded",
  "nDataPoints": 0,
  "notes": "The slide uses a numbered list format (1) to structure a diagnostic inquiry into asset management.",
  "elementsJson": [
    "headline_text",
    "bullet_list",
    "paragraph",
    "numbered_list"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a169-54303fbbe19b/4",
  "deckHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b#slide-4",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "You cannot defend assets if you are unaware of their existence, purpose, location, and status information such as configuration, age, and version.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-fefa-773b-abc6-d55a09e079f9",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.7,
        "x": 0.14,
        "y": 0.28
      },
      "kind": "list",
      "text": "Hardware and Software: You cannot defend assets if you are unaware of their existence, purpose, location, and status information such as configuration, age, and version.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "1cf7fe69-af31-4e6c-a459-b22c5dca7fad",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.5,
        "x": 0.36,
        "y": 0.75
      },
      "kind": "list",
      "text": "How were our polices determined? Were they defined specifically for our company? Are they simple and easy to follow? Do our employees understand them? Are we testing for behaviors? Do we have a mechanism for reeducation? Can our policies be audited?",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "317db327-e721-4eb1-89b2-65300bcc60d6",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.7,
        "x": 0.14,
        "y": 0.55
      },
      "kind": "list",
      "text": "Policies: Policies are a critical starting point in any risk management program, but a few important factors should be considered from the executive perspective.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "4e8a3861-e607-444f-81de-8e6e2aa76341",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.7,
        "x": 0.14,
        "y": 0.44
      },
      "kind": "list",
      "text": "Data: Your team should know what data you have, where it resides and how it is used. That's a critical part of systems design, security, and management.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "85be3fed-24c3-4f75-b01a-0b74aa78bfcf",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.06,
        "w": 0.7,
        "x": 0.14,
        "y": 0.23
      },
      "kind": "paragraph",
      "text": "Maintaining—and continually updating—an accurate inventory of both physical and virtual assets, including all devices, licenses, and policies is critical to help determine your cyber posture and vulnerabilities. Here's a detailed look at several categories of assets:",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "083bfb7b-d6b4-4305-aac8-027ea91c8e66",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.04,
        "w": 0.6,
        "x": 0.14,
        "y": 0.17
      },
      "kind": "paragraph",
      "text": "In other words, do we know what needs to be protected (i.e. hardware, software licenses, IP, and other sensitive data)?",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "674ffb43-c222-4740-a06e-9c011e67f441",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.6,
        "x": 0.13,
        "y": 0.14
      },
      "kind": "title",
      "text": "1 Do we keep a live inventory of assets?",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "d4d6d1be-27ba-4e5b-9a73-24def76f9396",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.2,
        "x": 0.36,
        "y": 0.72
      },
      "kind": "title",
      "text": "FOLLOW-UP QUESTIONS",
      "attrs": null,
      "subkind": "subtitle",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "7cba3dd1-f5ee-4468-8dd5-3f7f56253f87",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Action Titles",
      "slug": "action-titles",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-31ab61676c58",
      "evidence": "Title 'Do we keep a live inventory of assets?' states the diagnostic itself",
      "confidence": 85
    },
    {
      "name": "Concrete Language",
      "slug": "concrete-language",
      "agent": "Storyteller",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-3a3745c71afb",
      "evidence": "Callout names the concrete attributes: 'existence, purpose, location, configuration, age, version'",
      "confidence": 70
    },
    {
      "name": "One Idea Rule",
      "slug": "one-idea-rule",
      "agent": "Designer",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-36c014d5acb8",
      "evidence": "Whole page is the asset-inventory question and its rationale",
      "confidence": 80
    }
  ],
  "frameworks": [
    {
      "name": "diagnostic-test",
      "slug": null,
      "matchId": "f83d5e89-acd1-4edb-86d8-fa96fc2b1a0b",
      "evidence": "The slide poses a diagnostic question followed by sub-questions to assess organizational maturity.",
      "confidence": 0.8
    }
  ],
  "arcBeats": [
    {
      "to": 9,
      "from": 4,
      "beatId": "019dd95a-0702-74a3-87e1-68abc4f9b35a",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Problem & Complication",
      "beatSlug": "consultants-gambit-problem-complication",
      "evidence": "Questions 1-6 enumerate exposure: assets, education, strategy, attack vectors, recovery, prevention",
      "position": 2,
      "confidence": 55,
      "parentBeatName": "Complication",
      "parentBeatSlug": "complication"
    }
  ],
  "loops": [
    {
      "to": 9,
      "from": 3,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-088c-724c-b30d-fd91b0cb420d",
      "evidence": "Intro frames the question set, then six distinct, non-overlapping diagnostic questions (assets, training, strategy, attack vectors, recovery, prevention)",
      "position": 1,
      "objective": "Enumerate the foundational cybersecurity readiness questions a CEO must diagnose",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 70,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}