
FOR ENTERPRISE & HIGHER EDUCATION

VIRTUE

VALUE

VISION

HOW MUCH CYBERSECURITY IS ENOUGH?

  • Boards and senior executives do not have the needed visibility into their cybersecurity program, leaving them legally exposed and uninformed in the decision-making process.

  • Traditional approaches such as third-party assessments, IRM/GRC tools, and self-assessments do not address the legal requirements to mitigate the risk associated with the tort of negligence in the event of a cybersecurity incident.

COVID19

The events associated with COVID19 have challenged us as IT professionals, family members, and neighbors. As the world around us changes, so too do the resources and capabilities needed to address the challenge. The increase in social restriction is significantly increasing our dependency on IT. While most are focused on the resumption of operations, bad actors are looking to take advantage of the increased threat surface. It is never too late to plan and ensure that the appropriate policies and controls are in place for your organization. We are highly motivated to make our value accessible to everyone in these unique times. Please contact us to learn more, or schedule time to meet with an expert. For those not in the market, please take time to inventory your cyber capabilities and business continuity plans. Your organizations and communities are depending on our ability to execute effectively and securely.

BE

INFORMED

THE STANDARD OF CARE IS THE LEGAL THRESHOLD THAT REDUCES YOUR EXPOSURE TO NEGLIGENCE

The legal precedent, which applies to cyber as well, has been set by a number of critical legal cases that all leaders, CXOs, and Board Members should commit to memory.

United States v. Carroll Towing Co.

is a decision from the 2nd Circuit Court of Appeals that proposed a test to determine the standard of care for the tort of negligence.

Caremark International Inc. Derivative Litigation

is a civil action that came before the Delaware Court of Chancery. It is an important case in United States corporate law and discusses a director's duty of care in the oversight context. It raised the question regarding compliance, "what is the board's responsibility with respect to the organization and monitoring of the enterprise to assure that the corporation functions within the law to achieve its purposes?" Chancellor Allen wrote the opinion.

HOW

WE APPROACH CYBER RISK

Industry

The adoption of industry control standards drives our community toward a common language by which we can organize.

Organization

Integration into the broader organization allows for greater accuracy and accountability by those responsible for implementing controls.

Technology

Advancements in technology have enabled us to create new capabilities and business models that have not been available in the past.

Community

Using anonymized benchmarking, we can establish the standard of care. This allows us to use the tactics of our adversaries against them, namely "Teamwork".

THE NEW STANDARD OF CARE

CHARACTERISTICS

of the standard of care

The standard of care is the only degree of prudence and caution required of an individual who is under a duty of care.

  • Reasonable

    In the law of Negligence, the reasonable person standard is the standard of care that a reasonably prudent person would observe under a given set of circumstances. This cannot be done alone and requires insight into the internal control posture of your peers.

  • Current

    The standard of care is based on the current state of the environment in which you are participating. This applies not only to your posture but also to your awareness of your peers. The fact that you meet the standard today is not relevant if your peer group materially improves its maturity, leaving you exposed to cyber risk.

  • Over Time

    The standard of care is not a point-in-time threshold, meaning that you must have visibility throughout the year to ensure that you have met the reasonable standard at the point of the event. Since most security events happen outside of a scheduled window, this means that you must be aware at all times.

PRICING

1000+

Total Employees
$ 36,000 Annually

Additional

Business Unit
$ 9,000 Annually