{
  "docId": "019dd923-5de0-76bd-a169-54303fbbe19b",
  "docSlug": "0ec770bd87313ce8",
  "documentTitle": "The CEO’s Guide to Cybersecurity",
  "authorId": "BCG",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.784,
  "pageNumber": 8,
  "pageCount": 15,
  "prevPage": 7,
  "nextPage": 9,
  "slideType": "diagnosis",
  "function": "diagnose",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "The slide uses a numbered list format (5) to frame a diagnostic inquiry into organizational resilience.",
  "elementsJson": [
    "paragraph",
    "bullet_list",
    "numbered_list"
  ],
  "metadataConfidence": 0.95,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a169-54303fbbe19b/8",
  "deckHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b#slide-8",
  "components": [
    {
      "bbox": {
        "h": 0.03,
        "w": 0.5,
        "x": 0.36,
        "y": 0.82
      },
      "kind": "callout",
      "text": "FOLLOW-UP QUESTIONS",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "9d55c24b-d41e-4353-a44f-46e595a34768",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": null,
      "kind": "callout",
      "text": "Ask for evidence of the following: Incident Response Plans, Disaster Recovery Plans, Business Continuity Plans, and Insider Protections.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-fefa-773b-abc6-b9a339b71b08",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.5,
        "x": 0.36,
        "y": 0.85
      },
      "kind": "list",
      "text": "Can our IT department demonstrate the right reporting and systems? What are you monitoring and measuring to make sure we are protected?",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "576e2400-a306-465c-b135-6ab4faeeb0dc",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.5,
        "w": 0.72,
        "x": 0.14,
        "y": 0.33
      },
      "kind": "list",
      "text": "Incident Response Plans; Disaster Recovery Plans; Business Continuity Plans; Insider Protections",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "d3bf5cea-099c-454d-b864-6a043824285f",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.1,
        "w": 0.72,
        "x": 0.14,
        "y": 0.21
      },
      "kind": "paragraph",
      "text": "Many organizations do not have a plan for recovering from a major attack quickly. Key issues such as reducing downtime, preventing, or minimizing revenue loss, addressing customers' experiences during a recovery, and minimizing recovery costs must be addressed before an incident occurs.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "caae466f-a332-4cf5-aae3-3dd6d8d2fe4b",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.72,
        "x": 0.14,
        "y": 0.14
      },
      "kind": "title",
      "text": "If we were hit by a major attack, how confident are you that we could recover quickly?",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "b7b3b42a-2c62-4ef2-85ac-540b83210abe",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "MECE Principle",
      "slug": "mece-principle",
      "agent": "Architect",
      "layer": "block",
      "matchId": "019dd95a-14f6-720d-8375-59c07161b02b",
      "evidence": "Body breaks recovery into four distinct categories: Incident Response, Disaster Recovery, Business Continuity, Insider Protections",
      "confidence": 75
    },
    {
      "name": "Action Titles",
      "slug": "action-titles",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-5550f39edc1c",
      "evidence": "Title 'If we were hit by a major attack, how confident are you that we could recover quickly?'",
      "confidence": 85
    },
    {
      "name": "Audience Definition",
      "slug": "audience-definition",
      "agent": "Storyteller",
      "layer": "slide",
      "matchId": "11afde9d-8f67-48fa-a945-98f0f997e4a4",
      "evidence": "If we were hit by a major attack, how confident are you that we could recover quickly?",
      "confidence": 0.6
    },
    {
      "name": "Concrete Language",
      "slug": "concrete-language",
      "agent": "Storyteller",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-5f9c0d855073",
      "evidence": "Lists four named, defined plan types with specific evidence to demand",
      "confidence": 75
    },
    {
      "name": "Problem Statement Canvas",
      "slug": "problem-statement-canvas",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "76e02382-c96f-48ac-8fb5-e39bbe928d38",
      "evidence": "Many organizations do not have a plan for recovering from a major attack quickly. Key issues such as reducing downtime, preventing, or minimizing revenue loss, addressing customers' experiences durin",
      "confidence": 0.7
    }
  ],
  "frameworks": [
    {
      "name": "diagnostic-test",
      "slug": null,
      "matchId": "85637326-a915-4c85-9bc2-f085f88b806e",
      "evidence": "The slide poses a diagnostic question and provides a checklist of evidence to evaluate organizational readiness.",
      "confidence": 0.8
    }
  ],
  "arcBeats": [
    {
      "to": 9,
      "from": 4,
      "beatId": "019dd95a-0702-74a3-87e1-68abc4f9b35a",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Problem & Complication",
      "beatSlug": "consultants-gambit-problem-complication",
      "evidence": "Questions 1-6 enumerate exposure: assets, education, strategy, attack vectors, recovery, prevention",
      "position": 2,
      "confidence": 55,
      "parentBeatName": "Complication",
      "parentBeatSlug": "complication"
    }
  ],
  "loops": [
    {
      "to": 9,
      "from": 3,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-088c-724c-b30d-fd91b0cb420d",
      "evidence": "Intro frames the question set, then six distinct, non-overlapping diagnostic questions (assets, training, strategy, attack vectors, recovery, prevention)",
      "position": 1,
      "objective": "Enumerate the foundational cybersecurity readiness questions a CEO must diagnose",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 70,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}