VIRTUE | VALUE | VISION
The Minerva Platform
The world’s leading cybersecurity platform focused on delivering business context.
Minerva is a cloud based context platform that provides real time dynamic insight into security programs. While current trends have organizations focusing on Governance, Risk and Compliance (GRC) and Enterprise Risk Management (ERM), they are narrowly focused on compliance with defined controls and risk governance. This focus has introduced GRC and ERM products into organizations with the goal of providing more mature operational processes, demonstrable compliance, and better governance throughout the enterprise.
While GRC and ERM tools are significant steps in the maturity of the industry, they leave the most important questions for your business unanswered:
- How much risk is acceptable?
- Are we showing Due Care in our security program?
- What is our real exposure, or liability?
- Are we investing too little, too much, or just enough in security?
- Do we have enough, or too much coverage in our Cyber Insurance policy?
The Minerva Maturity Engine
Maturity based services are a core component of most of the industry’s leading consulting firms. Organizations rely on maturity services to provide snapshot visibility into their performance and relative posture against peer organizations. Therein lies the issue.
Snapshot visibility into organizational maturity only shows historical information up to the time the report is created. Traditional reports do not provide ongoing visibility and require the purchase of additional services to track progress.
Additionally, consultative services are predisposed to interviewer biases. To minimize the impact and track progress, organizations are forced to repeat the services and hope the consulting firm minimizes the resource variation and is not promoting specific pull through services. Limited visibility into peer maturity data allows for improvement recommendations to be subjective (experiential and incentive based) .
The Minerva Maturity Engine provides objective maturity based services leveraging our community of security experts and accepted industry standards (i.e. NIST Cybersecurity Framework, NIST 800-53,ISO 27001). If industry trends are identified by our community of security experts, updated maturity questions will be assigned to all active members for immediate baselining and benchmarking. Minerva is designed to leverage cross functional IT resources to ensure that maturity inputs are being responded to by the organization’s subject matter experts outside the influences of the interviewer.
The Minerva Platform provides a real time dynamic maturity platform to measure and track your organization’s progress while identifying new areas of improvement in a rapidly evolving threat landscape. There is simply no better way to demonstrate value and set organizational goals.
The Minerva Roadmap Engine
Roadmap development remains an annual exercise aligned with budget cycles for most organizations. The exercise for most organizations relies on compliance findings, skilled security staff, and supplier promotion. These elements neglect two of the most critical components of any security program, stakeholder buy-in and organizational goal alignment.
As security programs increasingly need to integrate more closely with the core IT functions and business units, stakeholder buy-in has become a critical success factor. Integration has also remained one of the more elusive factors given the competing priorities of the various organizational functions. In addition to the internal challenges, the external environment continues to present a different, but equally challenging issue.
Trusted partners all vying for their place in your security program. While most suppliers have new mechanisms for implementing technical controls or improving operational speed, they naturally look to isolate budget holders in pursuit of a more speedy purchase decision. These challenges must somehow come together to align the security program roadmap with the organizational goals.
The Minerva Roadmap Engine is focused on driving integration of cross functional stakeholders into the roadmap process. Stakeholders are identified and the core organizational goals are defined. Projects can be submitted for review by anyone in the identified organization. The projects are anonymously reviewed by the stakeholders against the defined criteria. The projects are then ranked dynamically and able to be viewed and communicated by the leadership team. The Minerva Platform drives the integration of the business units into the process.
Additionally, the Minerva Roadmap Engine is designed to integrate with the Minerva Maturity Engine to drive simulated maturity impact analysis. As organizations look to allocate their finite resources, it is critical to ensure that the investments they are making are in fact going to have the impact that they expect from the program. Give yourself the best chance of security program success through the Minerva Roadmap Engine.
The Minerva Exposure Engine
The ability to qualify risk has been called the holy grail for Chief Information Security Officers. In the journey to quantify risk, many have asserted that it is not possible to quantify risk due to the qualitative elements involved in risk such as reputation risk and the liability incurred as a result of a security event, or data leakage. The holy grail is not out of reach, but merely has been hidden from the security community in its battle against bad actors and the ever increasing number of threat vectors that are being addressed.
A company’s stock price is a reflection of the company’s value. The stock price takes into consideration all of the quantitative and qualitative measures available to investors and reflects the value and consumer confidence in the organization. Many organizations look to metrics such as revenue derived by particular applications, but these methods are only valid for availability related events. This does not consider the multitude of security events that would not impact application availability. Additionally, the revenue of an application is not an indication of its value given to the enterprise.
The Minerva Exposure Engine is a proprietary method that combines required event notification and publicly traded stocks to derive the real value of security related events to companies. This unique view incorporates all quantitative and qualitative measures and can be applied to all organizations in the evaluation of their security posture. It is equally relevant in the determination of cyber insurance values for both insurance companies and enterprise clients. Some organizations have point in time benchmarks. the Minerva Exposure Engine provides real time dynamic exposure information for your organization. This is done by utilizing years of market information and security event data in real time as new notifications are made public.