{
  "docId": "019dd923-5de0-76bd-a169-54303fbbe19b",
  "docSlug": "0ec770bd87313ce8",
  "documentTitle": "The CEO’s Guide to Cybersecurity",
  "authorId": "BCG",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.784,
  "pageNumber": 5,
  "pageCount": 15,
  "prevPage": 4,
  "nextPage": 6,
  "slideType": "problem_statement",
  "function": "frame_problem",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "The slide uses a '2' as a section marker, suggesting it is part of a larger diagnostic or assessment framework.",
  "elementsJson": [
    "headline_text",
    "paragraph",
    "numbered_list"
  ],
  "metadataConfidence": 0.95,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a169-54303fbbe19b/5",
  "deckHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b#slide-5",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "It's not enough to train employees by giving them information and then testing for what they remember.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-fefa-773b-abc7-50a41aa65755",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.1,
        "w": 0.4,
        "x": 0.36,
        "y": 0.58
      },
      "kind": "list",
      "text": "FOLLOW-UP QUESTIONS\nHow often are my employees educated about cybersecurity threats?\nAre you sure?\nHave they been tested?",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "7c61003c-5a61-436e-8eb3-58bd6112f635",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.72,
        "x": 0.14,
        "y": 0.37
      },
      "kind": "paragraph",
      "text": "Random testing alone leads to more cautious behavior and reduction in careless or reckless actions. Testing must be sneaky and as realistic as possible without warning. Also, make it randomized so targets don't expect it or become complacent.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "7c88e035-929a-4512-9476-ed5d13556346",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.1,
        "w": 0.72,
        "x": 0.14,
        "y": 0.46
      },
      "kind": "paragraph",
      "text": "Some may criticize random testing as potentially embarrassing to those who fail, but embarrassment from failing a test on a job is far better than the loss of that job and potentially many more due to failing a real-world incident. Cyber simulations can cause a “fight or flight” response and muscle memory that later helps recognize a potentially bad situation and appropriate reaction.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c5c3e597-b26a-476c-ae48-23a9ddf901c2",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.72,
        "x": 0.14,
        "y": 0.24
      },
      "kind": "paragraph",
      "text": "It's not enough to train employees by giving them information and then testing for what they remember. It's more important to show them why they need to understand the information, the ramifications for failing to act appropriately, and to randomly test them to see their responses when faced with a decision that could lead to a successful attack.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "e7b0281e-52eb-4678-9b1e-395f2381b0f7",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.6,
        "x": 0.14,
        "y": 0.15
      },
      "kind": "title",
      "text": "Are my employees properly educated about cybersecurity threats?",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c42ff98b-0c84-4c2a-8afc-bf2d66a388f6",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Action Titles",
      "slug": "action-titles",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-3c8b2e8beb3f",
      "evidence": "Title is the question 'Are my employees properly educated about cybersecurity threats?'",
      "confidence": 85
    },
    {
      "name": "One Idea Rule",
      "slug": "one-idea-rule",
      "agent": "Designer",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-428201d1ebff",
      "evidence": "Single question on the page with one supporting principle in the callout",
      "confidence": 80
    }
  ],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 9,
      "from": 4,
      "beatId": "019dd95a-0702-74a3-87e1-68abc4f9b35a",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Problem & Complication",
      "beatSlug": "consultants-gambit-problem-complication",
      "evidence": "Questions 1-6 enumerate exposure: assets, education, strategy, attack vectors, recovery, prevention",
      "position": 2,
      "confidence": 55,
      "parentBeatName": "Complication",
      "parentBeatSlug": "complication"
    }
  ],
  "loops": [
    {
      "to": 9,
      "from": 3,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-088c-724c-b30d-fd91b0cb420d",
      "evidence": "Intro frames the question set, then six distinct, non-overlapping diagnostic questions (assets, training, strategy, attack vectors, recovery, prevention)",
      "position": 1,
      "objective": "Enumerate the foundational cybersecurity readiness questions a CEO must diagnose",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 70,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}