
Bridge the Executive-Practitioner Gap to Optimize Cybersecurity Budgets
NIST CSF 2.0 offers an architectural blueprint for using risk management to improve cyber posture.
Gartner's CTEM process also emphasizes the importance of risk management.

However, there remains an obstacle to successful implementation – the Executive-Practitioner gap.


Managers' Challenges
Whether or not you are using NIST CSF for risk management, Figure 5 on page 10 of the NIST CSF 2.0 PDF shows how Executives, Managers, and Practitioners should work together to "understand, assess, prioritize, and communicate cybersecurity risks and the actions that will manage those risks."

Managers in the middle face two challenges. First, they are responsible for building Profiles and allocating cybersecurity budgets across selected outcomes and controls.

Second, they are responsible for translating changes in individual control performance, validation, and posture metrics to changes in risk.

The Adaptive Cybersecurity Stack
Monaco Risk developed "The Adaptive Cybersecurity Stack (TACS)" to help "Managers" bridge the gap between Executives and Practitioners.

Monaco Risk leverages Continuous Threat Exposure Management and Adversarial Exposure Validation tools to improve the credibility and usefulness of its "Moneyball" approach to cyber risk management.

Monaco Risk connects MITRE ATT&CK® exposure-coverage maps to the cyber risks that concern Executives.

