Skip to content
Adversarial

CyberGov

The Cybersecurity and Privacy Governance Committee (CyberGov) is a recurring governance meeting that connects executive stakeholders with the organization’s cybersecurity risk posture. Adversarial supports CyberGov by generating the charter, populating meeting content from your risk register, and producing reporting decks.

Charter

Section titled “Charter”

The CyberGov Charter is generated from the Compliance module. Distribute the charter as a pre-read before the initial meeting so participants understand the committee’s purpose and scope before the first session.

For details on generating and customizing the charter, see the Charter section of the Compliance guide.

Initial Meeting

Section titled “Initial Meeting”

The first CyberGov meeting should be longer than subsequent sessions — plan for 90 minutes. Devote the extra time to:

  1. Introducing the Threat Profile — Walk through the six Threat Objectives, using examples from well-known news stories to make each objective concrete.
  2. Explaining the scoring rationale — Present the current likelihood and impact scores in an open, inviting manner. Encourage discussion and questions about why objectives are scored the way they are.
  3. Connecting to Key Risks — Mention early that a list of Adversarial Key Risks (AKRs) underpins these objectives. AKRs will be assigned to team members to evaluate or deploy controls, so participants understand there is operational follow-through — and motivation to not rate everything at maximum values.

The charter can serve as the meeting’s pre-read, setting expectations for what will be covered.

Ongoing Cadence

Section titled “Ongoing Cadence”

After the initial meeting, CyberGov should meet quarterly. Target 60 minutes per session. The recurring agenda draws from the latest risk register data, incident summaries, and threat profile changes.

Connection to Governance Reporting

Section titled “Connection to Governance Reporting”

CyberGov meetings are supported by reporting decks generated from the Compliance module:

  • Board Deck — A condensed summary for board-level reporting.
  • CyberGov Report — A longer version with additional detail on high/critical-urgency risks and Sev1–Sev3 incidents.

Both report types are available from the Governance Reporting section of the Compliance page. Use the CyberGov report as the basis for each quarterly meeting’s discussion.