Though there are 5 cybersecurity domains defined, as depicted below, the majority of Credit Unions that we work with often skip the most important aspect of the ACET – the definition of the Inherent Risk Profile.
The Inherent Risk Profile identifies activities, services, and products organized by technologies and connection types, delivery channels, online/mobile products and technology services, organizational characteristics, and external threats. At first glance, it may appear to be an overwhelming task and you may think “OK, I’ll come back to this later after I implement the components of the Cybersecurity Maturity Domains.” Perhaps the best way to look at the Inherent Risk Profile is to compare the ACET to a recipe for baking a pie.
The Cybersecurity Maturity phase is essentially the ingredients for making your pie. Though these are necessary in order to create the pie, without knowing the ingredient measurements, you will have a very hard time turning the raw ingredients into something that is edible. This is where the Inherent Risk Profile phase comes into play. By identifying the risks for each category, your CU will be able to measure the amount of additional effort that is required to reduce your overall risk.
Returning to the pie analogy, the Inherent Risk Profile tells you how much (risk) of each ingredient (maturity domain) is required to make the best pie (ACET-based cybersecurity assessment) for your CU. It should be noted that the Inherent Risk Profile recipe and Cybersecurity Maturity ingredients will differ from CU to CU, just as a pie will taste different from region to region based on the ingredients and kitchen available.
If your CU needs help better understanding the recipe or ingredients for a successful ACET pie, Lares would be happy to help. Please contact us today and we’ll make sure that your cybersecurity program is the best program for your CU, your employees, and your members.