DRIVEN BY BUSINESS

PRODUCING UNMATCHED RESULTS

Achieving a well-balanced cybersecurity program can be one of the most difficult initiatives an organization undertakes. Technology is integrated into almost every aspect of building a business, and therefore so too should cybersecurity be. That being said, we recognize that the pressures of the business to remain nimble and quick do not always align with the need to protect the business. How does your organization achieve a balance that you can defend to your stakeholders?

OUR UNIQUE APPROACH RISK UNLOCKS PERFORMANCE

BY KNOWING THE LEGAL REQUIREMENTS

Legal Threshold & The Standard of Care

The standard of care is the legal threshold that reduces your exposure to negligence.

BENCHMARK CASES

United States v. Carroll Towing Co.

is a decision from the 2nd Circuit Court of Appeals that proposed a test to determine the standard of care for the tort of negligence.

Caremark International Inc Derivative Litigation

is a civil action that came before the Delaware Court of Chancery. It is an important case in United States corporate law and discusses a director’s duty of care in the oversight context. It raised the question regarding compliance, “what is the board’s responsibility with respect to the organization and monitoring of the enterprise to assure that the corporation functions within the law to achieve its purposes?” Chancellor Allen wrote the opinion.

AND IMPLEMENTING THEM OPERATIONALLY

Characteristics of The Standard of Care

The standard of care is the only degree of prudence and caution required of an individual who is under a duty of care.

CHARACTERISTICS

Reasonable

In the law of negligence, the reasonable person standard is the standard of care that a reasonably prudent person would observe under a given set of circumstances. This cannot be done alone and requires insight into the internal control posture of your peers.

Current

The standard of care is based on the current state of the environment in which you are participating. This applies not only to your posture but also to your awareness of your peers. The fact that you meet the standard today is not relevant if your peer group materially improves its maturity, leaving you exposed to cyber risk.

Over Time

The standard of care is not a point-in-time threshold, meaning that you must have visibility throughout the year to ensure that you have met the reasonable standard at the point of the event. Since most security events happen outside of a scheduled window, this means that you must be aware at all times.

THE RESULTS ARE

REAL-TIME COMMUNICATION WITH BUSINESS CONTEXT NEVER AVAILABLE BEFORE

MATURITY ENGINE

(PATENT PENDING)

Using innovation to address unsolved problems and underserved markets

End the Cycle of Consultative Captivity

Consultative Captivity is the required purchase of consultative services with no alternative solution.
Maturity assessments are a core component of most cyber consulting firms' portfolios. In addition, organizations rely on maturity services to provide visibility into their performance and relative posture against peer organizations. Therein lies the issue.

Current assessment models only show snapshots of historical information up to the time a report is created. Traditional reports do not provide visibility over time and require the purchase of another assessment to track progress. While many cyber leaders are left frustrated with the result, these engagements remain a critical component of visibility in most cyber programs that can afford them.

The Minerva Platform provides a SaaS-based alternative. Minerva is a real-time maturity platform built to measure and track your organization’s progress while identifying areas of risk optimization in a rapidly evolving threat landscape. There is simply no better way to demonstrate value, set organizational goals, and establish the standard of care.

Context is how we apply meaning to the vast amounts of data and input provided by our technical controls.
Unfortunately, most organizations have vast amounts of operational data that means nothing to the stakeholders driving the business. While operationally relevant, without context the data carries little meaning and does not provide the insight needed to help guide effective business decisions.

The inability to translate these operational terms into meaningful business terms leaves most cyber programs struggling to find effective ways of communicating value and alignment with the company's goals.

The Minerva platform's context and visualization are guided by a highly credited and experienced advisory board from industry and academia. We have brought together the best in both business and cybersecurity to provide an easily understood solution to the complex world of cybersecurity.