The Cyber Exposure Awareness Toolkit

Perform Your Cyber Exposure Analysis - the first step towards understanding and managing your cyber exposures.

About This Toolkit

Cyber Exposure Analysis is the first step towards understanding and managing your cyber exposures.

The analysis begins by your completing a brief survey which you find inside when you sign up. The survey is then e-mailed to us where it will be processed using our proprietary algorithm against our database creating an analysis of your cyber exposure awareness.

As part of the analysis the report includes suggested next steps to improve your cyber security. A very sound way to begin to get your arms around your cyber exposures.

Who This Toolkit Is For?

This toolkit is designed for all who have an interest, or concern, regarding cyber threats to gain a broader view and understand that cyber threats are not just a technical issue.

  • Board members and C level executives could certainly gain in having a broader understanding of the threats their organization faces.
  • IT managers and staff would gain an understanding of the wide range of threats their organizations face and the need to reach across the organization to communicate and assist.
  • Cyber threat practitioners can gain by having additional information that will assist their efforts in gaining support and resources.

If you are concerned that your organization is approaching cyber threats in a comprehensive manner and not just playing cyber wack-a-mole, you need to complete this survey.


Your Instructor

Douglas A. Nagan
Douglas A. Nagan

Doug Nagan has over fifty years experience in computer and information technology. Currently he is working with clients on projects involving business and IT strategic issues. He most recently created, with a Philadelphia law firm, Kleinbard LLC, a family of cyber risk exposure management protocols.

The protocols, Frigate for general business use, and Summa for higher educational institutions, provide a strategic overview of organizations' cyber risk exposures with recommendation for appropriate actions to address the potential risks.

Doug has assisted clients, including the U.S. Air Force, assess risks in manufacturing, finance, IT and supply chains. Results have included direct savings of over $100 million and the avoidance of potential risks of equivalent value through assessment of existing operational and implementing suggested improvements.

His experience includes: business analysis, business continuity, information technology, merger consolidation, operations and process improvement, project and program management, risk assessment and management, and sourcing strategy. Clients range from start-ups to Global 25 corporations across eight industries.

Doug founded Nagan Research Group in 2009 to pursue research in cyber risk. In 1992, Doug founded and led International Resource Management, Inc. for 16 years to provide high level strategic guidance to corporate clients and to pursue the development of several technologies that he had invented. He currently holds U.S. Patent 5,818,400 for a new display technology.

Prior to 1992, Doug held executive positions in John Wiley & Sons, The Boston Company and Commercial Union.

Education: BS in Electrical Engineering – Lafayette College

MBA course work – New York University

Life Member IEEE and The Computer Society

Publications: eERM – effective Enterprise Risk Management 2011 ISBN 978-1460980446; eCEM –effective Cyber Exposure Management 2012 ISBN 978-1478183785; The Case for a National Preparedness Standard and Metric, presented at the IEEE-HST conference in May 2007

Course Curriculum

  Section 1
Available in days
days after you enroll

Recent Results

"The course was very useful and I have a much better and clearer understanding of cyber risk exposure. It is well presented and hits all the right notes. A good framework which I will be incorporating into our bank branch in Australia"

- Vijay Poobathy, Risk & Compliance Office, Australia

Frequently Asked Questions

How secure is my data?
We do not create a client database. We use the data from the survey, create the report, email it back to you, and then erase the on-line data. So there is no on-line history on our machines of your data. We believe the best security for your data is not to have it on-line.
How does this toollkit work?
First, complete the survey which you will find in the course curriculum area once you signed up. The survey is in PDF format allowing direct data entry using Adobe Acrobat or Adobe Reader Please complete all sections before clicking on the send button. You will receive a report within 5 business days of submission,
What is the basis of your toolkit?
It is a concise summary of several analytic tools we have developed and used over the years. One of these tools, a more in depth cyber exposure analysis called Frigate which we developed in tandem with Kleinbard LLC a Philadelphia law firm, is now in version 7.3
What should I expect from the report?
A general road map outlining the possible extent of your cyber exposures and suggestions of what you might do to address them. The suggestions might be a simple suggestion that you should work with your technical experts and legal advisors to create policies and procedures to cover a specific exposures, or it might tell you that your situation is so complex that it will require greater analysis and suggests next steps.
Who is using this approach?
Organizations large and small have been using the parent products under attorney client privilege protection. We created this toolkit just recently in order to provide a quick and easy path for organizations to have a way to identify and address their hidden cyber exposures. As an overview meant to get you started and that is reflected in the price, which is much below the parent products.
You seem to ignore the basic technical cyber risks. Why?
That is for two reasons. First, I have found over the years that most organizations have fairly effective programs in place to address the technical cyber risks that are known. Second, the cyber exposures that lurk in the non-technical areas, such as contractual protections in cloud services for when things go wrong, are often ignored and in many cases represent greater exposure to the organization than the classic technical cyber risks.
How big is the database used in creating the report?
The size of the database is not relevant as we are not comparing your responses to other companies, rather to a distilled best practice paradigm with individual responses.
What type of companies does the toolkit include?
As said above it is not company driven. Rather it is cyber exposure driven. For example to gauge the cyber exposure in your use of Social Media relates more to the policies, protocols and guidance you have in place and your corporate culture, measurement and monitoring than what industry it is being used in. A strong cyber exposure security program is based on what you do not what your competitor is doing.

Get started now!