(1) EIG annually hires a respected external consultant to find vulnerabilities and makes improvements based on the results;
(2) EIG has a mandatory annual training module for all employees to train on the importance of data hygiene, prevalence of phishing, and the need to protect sensitive data;
(3) EIG purchases $100m of cyber risk coverage from a top-rated insurance carrier.
- Discuss the importance of metrics and tolerances in a firm’s OR framework.
- For each of the top 3 ORs you developed in the previous assignment, design:
  - one key metric (for each of the top 3 ORs)
  - one tolerance (to go along with the key metrics) above which the breach will be reported to executive management and the board