{
  "docId": "019dd923-5de0-76bd-a169-54303fbbe19b",
  "docSlug": "0ec770bd87313ce8",
  "documentTitle": "The CEO’s Guide to Cybersecurity",
  "authorId": "BCG",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.784,
  "pageNumber": 6,
  "pageCount": 15,
  "prevPage": 5,
  "nextPage": 7,
  "slideType": "diagnosis",
  "function": "diagnose",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "The slide uses a numbered header '3' suggesting it is part of a larger diagnostic sequence.",
  "elementsJson": [
    "paragraph",
    "numbered_list"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a169-54303fbbe19b/6",
  "deckHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b#slide-6",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "It's critical to know how technology is accessed, leveraged, and the impacts of an attack on that technology.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-fefa-773b-abc7-be9efa150abe",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.4,
        "w": 0.5,
        "x": 0.36,
        "y": 0.44
      },
      "kind": "list",
      "text": "Does our cybersecurity strategy address business risk? How?\nIs there an actual risk matrix that identifies specific business risks and how they are addressed from the security perspective?\nAre the board and business unit executives informed about our cybersecurity strategy?\nIs there a regular mechanism of communication and dialogue with the most senior executives around the who, what, where, how of the organization's security strategy and better yet, posture as measured against that strategy?\nHow are we protecting ourselves in case of a breach?\nAre we aligning our cybersecurity strategy with business objectives?\nDo we have the right data governance strategy to minimize cyber risk?\nHow can we operate in case of ransomware attack?\nHow long does it take for us to detect, respond and recover?\nDo we have the right data governance strategy to minimize cyber risk?",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "e6b1a64e-a8a2-44bb-bcb5-efc9fdb63f57",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.72,
        "x": 0.14,
        "y": 0.23
      },
      "kind": "paragraph",
      "text": "It's critical to know how technology is accessed, leveraged, and the impacts of an attack on that technology. Many employees don't fully understand the business impact of a major cyber incident... It's important to have the ability to recover...",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "ec966b45-afbb-4e09-80e9-5fcb5bf65d18",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.7,
        "x": 0.08,
        "y": 0.14
      },
      "kind": "title",
      "text": "3 Does our cybersecurity strategy address business risk? How?",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f7111e2c-7cb3-4159-b735-0ab6bb751edb",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.2,
        "x": 0.36,
        "y": 0.41
      },
      "kind": "title",
      "text": "FOLLOW-UP QUESTIONS",
      "attrs": null,
      "subkind": "subtitle",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "544d52c2-86a2-43e1-8cba-8972b71e6f8b",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Action Titles",
      "slug": "action-titles",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-45268491e828",
      "evidence": "Title 'Does our cybersecurity strategy address business risk? How?' frames the slide",
      "confidence": 85
    },
    {
      "name": "One Idea Rule",
      "slug": "one-idea-rule",
      "agent": "Designer",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-4a66627c2e2c",
      "evidence": "Single strategic question per page format",
      "confidence": 80
    }
  ],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 9,
      "from": 4,
      "beatId": "019dd95a-0702-74a3-87e1-68abc4f9b35a",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Problem & Complication",
      "beatSlug": "consultants-gambit-problem-complication",
      "evidence": "Questions 1-6 enumerate exposure: assets, education, strategy, attack vectors, recovery, prevention",
      "position": 2,
      "confidence": 55,
      "parentBeatName": "Complication",
      "parentBeatSlug": "complication"
    }
  ],
  "loops": [
    {
      "to": 9,
      "from": 3,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-088c-724c-b30d-fd91b0cb420d",
      "evidence": "Intro frames the question set, then six distinct, non-overlapping diagnostic questions (assets, training, strategy, attack vectors, recovery, prevention)",
      "position": 1,
      "objective": "Enumerate the foundational cybersecurity readiness questions a CEO must diagnose",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 70,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}