In this article:
This process explains how to conduct the preparation call (“prep call”) for an Axio360 Cyber Risk Quantification Workshop. The prep call aims to introduce the Business Unit or Department Leads to the Axio360 Cyber Risk Quantification Method and Platform, determine who will participate in the workshop, and discuss logistics and other details about the workshop.
- Project Lead (or Facilitator, as appropriate)
- Project Assistant
- Logistics Coordinator
- Department Leads
Start these activities at least four weeks before the approximate date of the Cyber Risk Quantification Workshop.
- Axio Cyber Risk Quantification Workshop Overview delivered to Department Leads
- List of major areas of business and operations to be used to generate the brainstorming framework
- List of any specific concerns to address in the workshop
- List of departments/business units workshop Participants (or a plan to identify them)
- Date(s) for the workshop
- Identification of a department/business unit staff member to help with workshop logistics (Logistics Coordinator)
All activities are led by the Project Lead, Project Assistant, and/or Logistics Coordinator.
|1||Determine who will lead the workshop process||Determine whether the Project Lead will facilitate the workshop. If not, identify someone else to be the Facilitator or assign someone to do that after the meeting.|
|2||Schedule workshop||Decide whether the workshop will be on-site or virtual. Determine the approximate workshop date, if on-site, or dates for the six workshop sessions, if virtual.|
|3||Schedule prep call||Schedule prep call with site department leads.|
|4||Conduct the Cyber Risk Quantification overview||Introduce Department Leads to the Axio Cyber Risk Quantification Method and Axio360 platform using the Axio Quant Workshop Overview presentation.|
|5||Conduct a departments/business units overview||List the major areas of business and operations and any important interdependencies. These will be used to generate the brainstorming framework and are one of the major outputs of this call. Five or fewer is ideal. |
List any specific cybersecurity concerns.
- Cybersecurity program details or concerns</bt>- Cybersecurity culture observations or concerns
|6||Identify Participants needed||Identify people who should participate in the workshop, with the following characteristics: |
- People who have a good understanding of key business processes, activities, and requirements (e.g., CEO, VP, COO, Business Development, etc.)
- People who have a good understanding of the deployment of and dependence on computer-based technology, systems, and equipment in all elements of the organization’s operations (e.g., CIO, Director of IT, IT area leads, etc.)
- People with an understanding of cybersecurity protections and other risk management controls that are in place (e.g., CISO, Director of Security, ISO, Security Analyst, etc.)
- At least for the end of the day (ideally all day), professionals in risk management, legal, financial, and operations that understand (or have data on) estimated product values, property values, legal expenses, and similar.
It is important for the workshops to contain a mix of participants from different levels—from executive leadership down to analysts, engineers, and other employees who work directly with the area they represent.
|7||Schedule a Sponsor visit, if appropriate||Determine whether the Sponsor will visit during the workshop and whether that may make sharing difficult for others.|
|8||Identify skeptics||Determine whether any of the participants must be convinced about the process or the plausibility of cyber loss events. This will help the Project Lead or Facilitator know whether additional materials or preparation are needed before the workshops.|
|9||Plan Workshop Logistics||Workshop date(s): |
Workshop location or virtual:
Workshop hours (start and end):
department/business unit staff member to provide logistics assistance for
- Reserving a meeting room that will fit the number of participants
- Ensuring that Wi-Fi access is available
- Ensuring that flip charts and markers are available
- Providing a projector or display and connections
- Arranging for meals and snacks
- Ensuring that all participants bring laptops