Our objective is to provide structure and guidance to those who wish to protect themselves
and their organizations from the predators that are present in cyber space. Our approach
has three basic assumptions:
1. Known cyber risks are immediate and real threats. They need to be addressed and
dealt with on an on-going basis. They cannot be ignored. And one must be ready to
deal with the new cyber risks that arise. Unfortunately, this means you will always be
playing ‘catch-up’ as new risks arise daily. Leading to what we call playing ‘cyber
2. If you wish to stop playing ‘cyber wack-a-mole’ you need to implement a parallel
approach that deals with your cyber exposures and cyber security culture.
3. Many organizations, faced with resource (staff, dollars and technologies) constraints,
may require a segmented approach.