ABOUT THE PLATFORM
THE MINERVA PLATFORM
Using innovation to address unsolved problems and underserved markets
Minerva is a resilient and secure cloud based platform that provides real time dynamic insight into security programs. Unencumbered by legacy infrastructure or legacy code, we have leveraged being born in the cloud to provide a highly scalable and performance driven architecture.
The Minerva platform uses a four step approach to solve problems that Cybersecurity leaders have chased for years.
01. LEVERAGE TECHNOLOGY
Advancement in software development has effectively turned everything into code. From the application itself to the infrastructure allowing for more dynamic applications and resilient infrastructure. This allows us to implement a consistent service which allows for more effective management.
02. LEVERAGE INDUSTRY STANDARS
- ISO 27001
- NIST CSF (Using ISO 27001)
- NIST 800-53
- NIST CSF (Using NIST 800-53)
- SMB / EDU NIST 800-53 (Abbreviated)
03. LEVERAGE YOUR ORGANIZATION
Cybersecurity is a team sport and the responsibility of everyone in the organization. We assign responsibility throughout the organization reducing the response distance and placing those that are responsible in a position of ownership. This discipline drive more accurate information and improves business outcomes.
04. LEVERAGE OUR CISO COMMUNITY
The cybersecurity community is evolving and effective leaders recognize that while some parts of our security program must remain secret, there are other parts in which we must work together to achieve more effective security programs.
QUESTIONS FROM YOUR BUSINESS
01. HOW MUCH RISK IS ACCEPTABLE TO OUR ORGANIZATION?
02. HOW DO WE ESTABLISH DUE CARE?
03. CAN WE DEMONSTRATE FISCAL RESPONSIBILITY?
04. WHAT IS OUR REAL EXPOSURE, OR LIABILITY?
05. HOW MUCH AND WHAT TYPE OF COVERAGE DO WE NEED?
06. HOW MUCH INSURANCE DO WE NEED?
ANSWERS FOR YOUR BUSINESS
Maturity based services are a core component of most of the industry's leading consulting firms. Organizations rely on maturity services to provide snapshot visibility into their performance and relative posture against peer organizations. Therein lies the issue.
Current visibility into organizational maturity only shows historical information up to the time a report is created. Traditional reports do not provide ongoing visibility and require the purchase of additional services to track progress.
Additionally, consultative services are predisposed to interviewer biases. To minimize the impact and track progress, organizations are forced to repeat the services and hope the consulting firm minimizes the resource variation and is not promoting specific pull through services. Limited visibility into peer maturity data allows for improvement recommendations to be subjective (experiential and incentive based) .
The Minerva Maturity Engine provides objective maturity based services leveraging our community of security experts and accepted industry standards (i.e. NIST Cybersecurity Framework, NIST 800-53,ISO 27001). If industry trends are identified by our community of security experts, updated maturity questions will be assigned to all active members for immediate baselining and benchmarking. Minerva is designed to leverage cross functional IT resources to ensure that maturity inputs are being responded to by the organization's subject matter experts outside the influences of the interviewer.
The Minerva Platform provides a real time dynamic maturity platform to measure and track your organization's progress while identifying new areas of improvement in a rapidly evolving threat landscape. There is simply no better way to demonstrate value and set organizational goals.
The ability to quantify risk has been called the holy grail for Chief Information Security Officers. In the journey to quantify risk, many have asserted that it is not possible to quantify risk due to the qualitative elements involved in risk such as reputation risk and the liability incurred as a result of a security event, or data leakage. The holy grail is not out of reach, but merely has been hidden from the security community in its battle against bad actors and the ever increasing number of threat vectors that are being addressed.
A company’s stock price is a reflection of the company’s value. The stock price takes into consideration all of the quantitative and qualitative measures available to investors and reflects the value and consumer confidence in the organization. Many organizations look to metrics such as revenue derived by particular applications, but these methods are only valid for availability related events. This does not consider the multitude of security events that would not impact application availability. Additionally, the revenue of an application is not an indication of its value given to the enterprise.
The Minerva Exposure Engine is a proprietary method that combines required event notification and publicly traded stocks to derive the real value of security related events to companies. This unique view incorporates all quantitative and qualitative measures and can be applied to all organizations in the evaluation of their security posture. It is equally relevant in the determination of cyber insurance values for both insurance companies and enterprise clients. Some organizations have point in time benchmarks. the Minerva Exposure Engine provides real time dynamic exposure information for your organization. This is done by utilizing years of market information and security event data in real time as new notifications are made public.
Roadmap development remains an annual exercise aligned with budget cycles for most organizations. The exercise for most organizations relies on compliance findings, skilled security staff, and supplier promotion. These elements neglect two of the most critical components of any security program, stakeholder buy-in and organizational goal alignment.
As security programs increasingly need to integrate more closely with the core IT functions and business units, stakeholder buy-in has become a critical success factor. Integration has also remained one of the more elusive factors given the competing priorities of the various organizational functions. In addition to the internal challenges, the external environment continues to present a different, but equally challenging issue.
Trusted partners all vying for their place in your security program. While most suppliers have new mechanisms for implementing technical controls or improving operational speed, they naturally look to isolate budget holders in pursuit of a more speedy purchase decision. These challenges must somehow come together to align the security program roadmap with the organizational goals.
The Minerva Roadmap Engine is focused on driving integration of cross functional stakeholders into the roadmap process. Stakeholders are identified and the core organizational goals are defined. Projects can be submitted for review by anyone in the identified organization. The projects are anonymously reviewed by the stakeholders against the defined criteria. The projects are then ranked dynamically and able to be viewed and communicated by the leadership team. The Minerva Platform drives the integration of the business units into the process.
Additionally, the Minerva Roadmap Engine is designed to integrate with the Minerva Maturity Engine to drive simulated maturity impact analysis. As organizations look to allocate their finite resources, it is critical to ensure that the investments they are making are in fact going to have the impact that they expect from the program. Give yourself the best chance of security program success through the Minerva Roadmap Engine.