Cybersecurity
Cybersecurity covers the capabilities needed to reduce business risk from cyber threats: understand what must be protected, prevent and detect attacks, respond effectively to incidents, and recover quickly while meeting regulatory and customer expectations.
Cybersecurity is a business capability: it protects revenue, customer trust, operational continuity, and regulatory standing. This tree organizes the key capabilities in a way that helps business analysts and stakeholders discuss scope, ownership, outcomes, and dependencies.
Outcomes¶
- Reduced likelihood and impact of cyber incidents
- Faster detection and response, with clearer accountability
- Improved audit readiness and evidence quality
- Better prioritization of security investments based on business criticality
- Increased resilience and faster recovery for critical services
Components¶
- Govern — operating model, policies, risk, compliance
- Identify — understand assets, exposures, and scenarios
- Protect — preventative controls and risk reduction
- Detect — monitoring, alerting, and investigation triggers
- Respond — incident handling and communications
- Recover — restoration, continuity, and resilience
GenAI-enabled execution¶
GenAI can accelerate security work by delegating well-scoped tasks to highly specialised autonomous agents (e.g., triage assistant, evidence collector, policy mapper, incident scribe). These agents must be guardrailed by approved scope, explicit approvals for high-impact actions, and traceable provenance of every claim and artifact. An EKG can provide the authoritative context (assets, owners, dependencies, controls, incidents, policies) that keeps agent actions relevant and auditable.