Assessing Breach Risk Discovery Assess Execute Present Plan Inventory what you areresponsible for protecting• On-prem, Cloud, Mobile, 3rd-party assets• Managed AND Unmanaged• Applications vs Infrastructure and dependencies that Apps have on infrastructure assets• Asset Criticality Analysis 1. Understand cyber-risk and how it is changing• By Business Unit/Segment• By Site and By Risk Owner• By Attack Vector2. Understand threat landscape3. Understand effectiveness of existing controls4. Cybersecurity Awareness Index5. Benchmark• Internal & External6. Regulatory compliance7. Understand risk appetite of your board and CEO 1. Prioritize2. Simulate• New controls• Config changes• Accept certain risk items3. Estimate costs4. Assign owners5. Set goals & define intermediate progress metrics6. Get buy-in and approvals