Alliance For Cyber Risk Governance
A TechDemocracy initiative
Proud founders and supporters of the ACRG

Mobile Navigation


What is an ACRG Working Group?

An ACRG working group will play a pivotal role in advising the Alliance and gathering recommendations to accelerate the cyber risk framework’s development and broad adoption. Four working groups aligned to four focus areas of integrated cyber risk governance programming (as viewed in the infographic below) will be established. These groups include: Informed, Secured, Governed, and Resilient.

What is our overall objective?

Our collective efforts will ensure the development of a standard framework for cyber risk governance that will provide long-term value to organizations around the globe. The overarching goal of the Alliance is to elevate executive understanding and management of cyber risk to the same level as other risks routinely governed by business leaders such as operational, financial, credit market and reputational risks.

What is missing is a standardized way to measure, track, monitor and discuss cyber risk. We are committed to bridging that gap by creating a cyber risk standard that can eliminate the communication barriers between operations, management and boards surrounding cyber risk, and provide a basis for measuring and governing it.

How to Join the Group

Please review the working group descriptions below to determine which one(s) match well with your experience.
Then, please contact Gautam Dev or Ken Pfeil to sign up.

Working Group Descriptions

Each group will work collaboratively on its focus topic to produce recommendations for its part of the overall cyber risk framework. Recommendations will include:

  • Determining which security technologies must be considered
  • Defining standardized use-cases
  • Developing methodologies for risk scoring and other metrics
  • Cross-correlating cyber risk governance with other related areas of enterprise risk

It is expected that these recommendations will also take into account the six concentrations associated with a typical IT infrastructure environment: entity, device, network, application, data, and platform.

The names and areas of focus topics for the proposed four working groups are:


This group will look to determine how well aligned cyber risk strategies are to corporations’ business needs to determine where limited risk visibility exists.


This group will look at the state of secure and compliant cybersecurity technologies in today’s corporations and explanations for why solutions may be falling short in meeting their objectives of protecting business innovation and classified data.


This group will look at corporations’ current risk metric use cases and successes maintaining continuous visibility of cyber risk posture and compliance adherence.


This group will look at corporations’ cyber attack readiness, response and restoration capabilities. Identify current disconnects in organizations preventing corporations from improving in these three areas.

Cyber Risk Program

When will Working Groups Present their Findings and Recommendations?

Groups will present at the Alliance’s second meeting to take place in Q2 2018. The Alliance will share more details on date and location in January.