A model for delivering your cyber risk message to leadership and the board using the SMEACS briefing model

Wednesday 27 November, 11:20 am - 12:00 pm

Speakers

Jason Plumridge

Chief Information Security Officer
Tesserent Cyber Services

Synopsis

Primary Purposes / Learning Objectives

A model and strategies for structuring messaging of Cyber Risk issues for the Board and Senior Executive to engage and influence decision making.

Introduction

Related experience in using the SMEACS model from time spent in NSW Law Enforcement and the NSW Rural Fire Services

Introduction and Application of the SMEACS Model

  • Draws a comparison of the SMEAC briefing structure between the Emergency Services and the Corporate Board.
  • The basis of the content is that the SMEACS model, as applied in the Emergency Services, can also be used to communicate Cyber Risk issues.
  • Likens Cyber Risk planning and response to those used to fight fires and enact law enforcement.

The Model in the Emergency Services Context

S – Situation – Significant Fire related event

M – Mission – Protect Life and Property

E – Execution – How do we achieve

A – Administration / Logistics

C – Command / Control / Communication

S – Support

Emergency Briefings Format

  • Detail the current emergency situation
  • Describe the objective or outcome required to manage the emergency event
  • Describe the methods to be used to handle the emergency event
  • Describe the logistics required to bring the emergency under control (Multi Organisational Response)
  • Describe the command-and-control structures to be employed during the incidents
  • Define any additional support resources required to deal with the emergency event

Comparison to the Model for Cyber Risk

Cyber related Model of SMEACS:

S – Situation – What are the issues / risks / problems?

M – Mission – What are we trying to achieve?

E – Execution – How do we manage Cyber Risk?

A – Action – What do we need to be successful? / Metrics

C – Who’s Responsible? What needs to be Communicated? How are we controlling the risk?

S – What do we need in supporting resources?

Cyber Briefings

  • Detail the current state of cyber security threats, risks and controls
  • Describe the outcomes being sought (i.e. reduction of risk, enhancement of security posture)
  • Describe the methods available / required to achieve the goals and objectives
  • Define the resources required to achieve the goal or objective
  • Define the reporting structures / metrics / measurements
  • Describe the support structures and actions required from Senior Leadership / Board

The presentation then steps through in detail how to apply each element of the SMEACS model in the context of Senior Leadership and the Board. It provides practical insight into improving the communication of security risks and issues to leadership, in order to influence and obtain support for risk mitigation strategies, funding or other support needed to achieve the Cyber Risk Management objectives and ultimately the Cyber Strategy.

Final Summarisation of the Content and Key Messaging.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.