GRC Sphere’s BreakPoint Program Features Cyber Methodologies


Phil Wilson; Founder & Executive Director
GRC Sphere

Telephone: (978)456-8253
Email Address: [email protected]
Web site address:


GRC Sphere’s BreakPoint Program Features Cyber Methodologies

Harvard, MA; August 23rd, 2018 — The GRC Sphere ( a member-based Industry Benchmarking Consortium based in Harvard, Massachusetts announced today, along with three other industry leaders, their strategic cybersecurity Industry Benchmarking Consortium and emerging benchmarking standard titled, The BreakPoint Risk Loss Threat (RLT) Industry Benchmarking and Reporting Program. The BreakPoint Program Initiative helps companies to become more efficient in transforming processes and practices to achieve a new level of cybersecurity excellence, enterprise-wide. Today’s press release spans three dimensions as follows; 1.) methodologies being used, 2.) technologies being employed and 3.) education being offered. The unique cybersecurity methodologies are covered in this release.

Today’s BreakPoint program methodologies announcement concerns these corporate leaders in alphabetical order along with their specific program role:


GRC Sphere ( – Industry Consortium Management


Hypercube Ltd. ( – BreakPoint Standard Development & Collaboration Management 


NISTCSF.COM ( – Education Certification Management


Strategic Risk Associates ( – System-of-Record Technology Management

The BreakPoint Program Initiative includes methodologies which offer companies a better way to fight cybercrime and cyber warfare. They are as follows:

Shared Industry Intelligence Methodology - The Shared Industry Intelligence Methodologyprovides the Cognitive Benchmarking and Collaboration Model for the BreakPoint Program Initiative. The methodology has 5 domain components:

Measurement / “Nervous System” Domain – The Measurement / “Nervous System” domain spans a number of advanced measurement methods which are used across BreakPoint’s Crowdsourcing, Benchmarking, Indexing, Risk Assessment, Cyber Breach and Incident Analysis and other practice areas. The Risk Loss Threat (RLT) measurement data sets are sent to the Brain Center for analysis and trending in near real-time.

Analysis / “Brain Center” Domain – The Analysis / “Brain Center” domain includes a system-of-record called the Cognitive Benchmarking Engine (CBE) which manages crowdsourced data. The system slices, dices and filters the industry benchmarking data according to NAICS and SIC codes as well as other demographic filters. Performance indicators are then used to analyze, trend and organize Risk Loss Threat (RLT) data and document Key Performance Questions (KPQ’s), Key Performance Indicators (KPI’s), Key Risk Indicators (KRI’s), Key Compliance Indicators (KCI’s), Key Internal Control Indicators (KICI’s) and others which are organized by Process Classification Codes (PCC). “The CBE is oriented to our Partners who can white-label the system”, said Phil Wilson, GRC Sphere’s Executive Director. “They can manage and run their own industry benchmarking communities, autonomously.”

Knowledge Management / “Fast Learning” Domain – The Knowledge Management / “Fast Learning” domain combines mission-critical data points which are used in both internal and external benchmarking. These data points are then documented for each type of performance indicator which is being scrutinized by management. “Fast Learning” is the essence of Continuous Improvement. It connotes the unlocking of the strategic value contained within the practices of industry benchmarking and maturity modeling as used across Governance, Risk, Compliance, Cybersecurity and any other functional area of an enterprise.

Collaboration / “Centers-of-Excellence” Domain – The Collaboration / “Centers-of-Excellence” domain concerns Communities-of-Interest and Communities-of-Practice which are found within BreakPoint’s Professional Networked Community (PNC) platform titled GRC Connect. These communities are organized into both industry verticals known as Executive Think Tanks and Industry Clusters as well as horizontal application areas known as Special Interest Groups (SIG’s).

BreakPoint Risk Loss Threat (RLT) “Open Standard” Domain – The BreakPoint RLT Industry Benchmarking and Reporting specification represents our (emerging) “open standard” by which GRC Sphere members aggregate and share anonymized data in near real-time.

NCSF Controls Factory™ Model - The NCSF Controls Factory Model™ (NCSF-CFM) is the centerpiece of the NCSF-CSF Certification Curricula. Developed by Larry Wilson, former CISO, in the UMass President’s Office, CFM teaches organizations how to operationalize the NIST Cybersecurity Framework controls across an enterprise and its supply chain. The Controls Factory Model has three main areas of focus: the Engineering Center, the Technology Center and the Business Center. The Engineering Center organizes engineering functions and capabilities such as threats, vulnerabilities, assets and controls. The Technology Center organizes the key technical design guides, build guides, managed security solutions, testing and assurance functions. The Business Center organizes the business functions associated with people and policy including design, build, advisory, employee training along with business and assurance testing. It also includes a capability for executives to evaluate Risk Management practices based on the NIST Baldridge Cybersecurity Executive Builder (BCEB) Framework.

Cybersecurity Convergence Methodology - BreakPoint’s Cybersecurity Convergence Methodology helps companies create compelling strategic shareholder value by changing “Ways-of-Thinking” and “Ways-of-Working” in order to transform an enterprise from the as-is state of reactionary cyber practices and weak preparedness to the to-be state of progressive cyber resilience and exceptionally strong cybersecurity preparedness and cyber incident / breach response.

CyberRankings 500 Methodology - BreakPoint’s CyberRankings 500 Methodology compares publicly-traded corporations based on their cyber preparedness, their cyber states of behavior and their performance using nine measures of Strategic Shareholder Value. This methodology then rates companies using advanced measurement contained within BreakPoint’s Cybersecurity Convergence Maturity Model (BreakPoint CCMM).

NIST Cybersecurity Framework Methodologies - The BreakPoint Program is based on the National Institute of Standards and Technology (NIST) best practice frameworks which are devoted to cybersecurity performance excellence. The first practice is the NIST Cybersecurity Framework (NCSF). The second is the NIST Baldrige Cybersecurity Excellence Builder (NIST BCEB). The NCSF framework addresses a set of discrete internal controls which need to be planned, designed, implemented, managed and improved across an enterprise. The second framework, NIST BCEB, enables the building of a cybersecurity business plan to guide a global enterprise on its journey to achieve the hallmark of cybersecurity performance excellence known as “Cybersecurity Convergence”. This state of enterprise-wide achievement equates to Level 5 on a five level process-oriented maturity model.

# # #

For additional information or a software demonstration, please contact:

Phil Wilson; Executive Director;
The GRC Sphere

Telephone Number - (978) 456-8253
Email Address: [email protected]
Web site address:

About The GRC Sphere

The GRC Sphere is a newly emerging member-based Industry Benchmarking Consortium spanning the domains of Governance, Risk and Compliance (GRC) and Work Excellence (WE). The mission of the organization is to reinvent the strategic vision and value of GRC to foster progressive "Ways-of-Thinking" and "Ways-of-Working". Our consortium,, serves executives, finance, accounting and GRC professionals around the world. We’re based in the United States, but our perspective is truly global in nature. We invite you to join us by contacting us at [email protected]


Post new comment

The content of this field is kept private and will not be shown publicly.