Churches need a Chief Information Security “Officer” commonly called a CISO. This is the person responsible for the risk assessments. As privacy becomes more prominent in 2019, you will begin to experience the need for a CISO. The risk assessment will be your key for defending your actions, should someone question why or why not are you doing X Y or Z.
What I see in all the cyber risk assessments, I have reviewed, is a holistic context and approach with each of the individual risk assessments. The risk assessment is addressing the cybersecurity aspects of the technology in question, showing how and why this technology is a fit for its risk fits into the entire organization church planting/strategy plan and cybersecurity plan. They are all showing how the technology and the management of the dangers fit into the overall project. They also show how the church is managing all areas affected by cybersecurity as a unified whole. The Cognitive CISO understands the risk assessment is as much art as science.
Assessments show how the technology plays into a cybersecurity-related approach. There are pages on the justification for the technology as it relates to the overall plan of the church.
Each of the baker’s dozen assessments I have reviewed recently is addressing the areas of leadership in evolvement in the choosing of the technology both from a church planting and technology perspective. Showing how the technology and the management of the risks are accomplishing the strategy, the effect on congregrations, workforce, and operations both church process and IT processes, as well as the results that achieved.
There are a substantial section on Measurements. They are explaining what measurements they are using, what the analysis of the technology led them to choose the technology, and what knowledge management gained after implementation. What I am finding interesting is the assessments address all of these components within an “Organizational Context.” The evaluations show how they define their organization’s distinctive characteristics and situation as they relate to cybersecurity. They demonstrate an understanding of human nature, thought and science. Think Physics.
In my conversations with leading CISO’s, they said the advice they are looking to find a way to measure the effectiveness of the cybersecurity framework within the organization via the risk assessments. They are seeking to understand via the evaluation of the decisions around cybersecurity, and how it is going to impact your organization and what it does and how it does it.
What I see as the Key aspects in the risk assessments:
Detailing cybersecurity-related activities that are important to church planting and operational strategy and the delivery of critical services;
Prioritize investments in managing cybersecurity risk; They are showing how this is all part of the overall long-term plan
Demonstrates the approach the church took to determine the effectiveness and efficiency of the technology in using cybersecurity standards, guidelines, and practices in the church
Detail showing the process how they went about assessing their cybersecurity risk and the results thereof;
Risk assessment identify priorities for improvement and the plan over the next 24 months to implement it.