'The Risk Call' Monthly Webinar    'CYBERWatch' Monthly Newsletter 

Board Reporting and GRC

For Board Updates, our Thrivaca Risk Profile was designed in concert with the National Association of Corporate Directors (NACD) Cyber Risk handbook. Specifically, the analytical results of your Risk Profile address the “Four Key Questions” recommended by NACD for boards and senior management to apply to the governance, oversight and transparency for cybersecurity risk.

These are data-driven measures of the current overall state of cyber risk, and its economic effects, across the enterprise. Using actual documented losses across a variety of industries, scaling these losses to our organization, applying actuarial models to determine relative probability of these losses, and filtering them by our own level of preparedness and our specific status.

in terms of cybersecurity controls, your Risk Profile provides transparency to the board for understanding, in business and financial terms, current loss exposure. Over time, and especially as we reduce vulnerabilities and enhance controls, you are able to track the organization’s progression on these key indicators, assuring the board visibility to both the current state as well as the rate of improvement on these key areas of exposure.

Additionally, you should consider making use of the Arx Nimbus board presentation template in PowerPoint. This standardize reporting template allows for the pacing and focus, consistent with SEC and NACD guidelines to address the most insightful areas for senior management.