Platform and Market Analysis Report

INTEGRATED CYBER ANALY TICS &

OPERATIONAL RISK MANAGEMENT

“RiskTech”

Presented to:

Jeremy Vaughan

CEO & Co-Founder

TauruSeer

Presented by :

Jem Pagán

President

B luSky Consul t ing

December 3, 2019

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 2

T A B L E of C O N T E N T S

Platform and Market Analysis Report...................................................................1

The New Differentiated Cyber Security Offering...................................................3

Cyber Analytics + Operational Risk Management (ORM) = RiskTech ....................3

Market Drivers for Integrated Risk Management + Cyber Solutions .....................4

Data Breach Study of Metrics, Challenges & Costs ..............................................5

Why TauruSeer?...................................................................................................7

TauruSeer Market Differentiation........................................................................8

TauruSeer Platform Assessment..........................................................................9

GRC to Integrated Risk Management (IRM)........................................................10

Current Market Offerings vs. TauruSeer .............................................................11

Company Overview............................................................................................12

About BluSky.....................................................................................................13

Attributions.......................................................................................................14

Disclaimer.........................................................................................................15

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 3

The New Di f ferent iated Cyber Secur i ty Of fer ing :

Cyber Analytics + Operational Risk Management (ORM) = RiskTech

The old cliché, “what cannot be measured cannot be managed” has given way to, “what

cannot be monitored, cannot be managed”. In this digital economy the difference between

measuring and monitoring is time. “Measurement” implies periodic, monitoring is continuous.

The most effective solutions for global enterprises require solutions to operate in

continuously for optimal risk management. The TauruSeer story is not about the latest shiny

gadget or cool software app. Its value proposition addressed the common understanding

among cyber and risk professionals that the evolution of sophisticated cyber -attacks has

placed global enterprises and governments in high cost and high -risk operational modes, and

now risk awareness must be instantaneous and risk levels must be quantifiable to deliver

global business continuity.

What is interesting and investment worthy, is the early stage development of an emerging

market which is being defined as Integrated Risk Management (IRM) or “RiskTech” by

Gartner, Deloitte, Accenture, Chartis and other global consulting firms. For the purpose of

providing clarity, BluSky defines ‘RiskTech’ as the integration of cyber security and

operational risk management to offer analytics-driven models of operational and security

insights for consumption by multiple levels of management and operations in global

enterprises from a ‘single source of truth’. Gartner defines IRM solutions as “the combined

technology, processes and data that serves to fulfill the objective of enabling the

simplification, automation and integration of strategic, operational and IT risk management

across an organization.”

According to Gartner’s 2017 inaugural forecast of

the integrated risk management (IRM) software

solutions market. The IRM market — formerly

referred to as “governance, risk management and

compliance (GRC)” — is estimated to have grown

by 17.4% from 2014 to 2015 and by 17% from

2015 to 2016. The market is projected to grow at

a 13.4% compound annual growth rate (CAGR) to

reach $7.3 billion by 2020, from $3.9 billion in

2015. This market coupled with the current

$96.3bn 2018 enterprise security spend, up 8%

from 2017, represents the next generation of

cyber security and cyber analytics for global

enterprises. Incumbent cyber vendors without a

comprehensive RiskTech offering, will experience an urgent need to acquire or partner with

IRM providers to cover key gaps in their cyber product portfolio.

According to John A. Wheeler, Senior Director Analyst - Integrated Risk Management for

Gartner, the IRM market / RiskTech market is the largest of all the solutions provider markets

covered by Gartner in the security & risk management (SRM) software ecosystem. It also

ranks third highest in terms of estimated profitability margin.

As a result, Wheeler forecasts has designated IRM as one of the most dynamic software

markets within Gartner’s coverage and looks to be one to watch for the next several years.

It is our observation that organizations such as: Factor Analysis of Information Risk (FAIR),

Accenture Cyber Research, Chartis, Risk.net, Protiviti, Deloitte, KPMG, McKinsey, EY, etc.

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 4

have also identified this market as the next major growth opportunity in cyber security, which

is the integration of operational risk management to formulate a near -real time capability for

enterprises to monitor business risk, threat detection, behavior analysis, business continuity

and operational efficiency as a single integrated platform. Gartner research estimates the

broader risk management market is forecasted to reach $17.1 billion by 2021 from $11.0

billion in 2016 at a compound annual growth rate (CAGR) of 9.2%, from 2016 to 2021.

Growth into the overall risk management market is achievable through adoption of additional

components as illustrated in Figure 1 (above). In the August 2019 Gartner IRM Report,

Wheeler estimates by 2023 more than 60% of enterprises will have adopted an integrated

risk management program, which is an increase from fewer than 40% in 2019.

Market Dr ivers for Integrated Risk and Cyber Solut ions

The World Economic Forum (WEF) identifies technological risks, in the form of operational

disruption and cyber vulnerabilities, among the top ten risks in terms of likelihood while

critical information infrastructure breakdown is among its top ten risks in terms of impact.

These identified risks are not mutually exclusive. The primary driver for global enterprises in

terms of risk management, is to transition from a post -mortem remediation process to a

proactive risk mitigation and management state, to reduce or mitigate brand exposure,

clean-up costs and business disruption.

Enterprises of all sizes realize that cooperation within its key business and IT units is an

essential starting point to mitigate cyber vulnerabilities, resilience, or performance issues.

These coordinated efforts must be platform-driven, to provide a ‘single source of truth’ for

preemptive and coordinated responses (in-the-moment) to enterprise-wide risks.

The past decade of increased sophisticated cyber -attacks has shed light on the essential

need for operational and cyber security team to maintain a consistent state of communication

and coordination to optimize their pre-planned responses. Increased risk and exposure at the

board level is another driver for solutions that provide coordinated insights and alignment of

business operations with executive and senior -level management to decrease the mean-time-

to-recovery and sustain business continuity.

Discussion, interviews and research of 1,000+ executive management personnel by BluSky

over the past (4) years has supported the conclusion that institutions want to establish

controls to manage cyber risk from the top down. However, as noted in the research report

provided by Deloitte [Operational Risk Management: The New Differentiator], while executives

are familiar with the basics of firewalls, malware and phishing, they are struggling to integrate

the technical aspects of cyber security with the people, technology, and process risks that

operational risk management is designed to monitor and control. Thereby creating a ‘ gap’ in

the market and a need for integrated cyber and operational risk management solutions.

There seems to be no discrepancy with the conclusion that data and technology breaches

result in loss of revenue and the amount of loss is proportional to the level of exposure

caused by breaches. A cost-based assessment to operational and cyber risk was provided by

the Ponemon Institute, (the tech industry’s gold -standard benchmark research), to gain an

accurate perspective of the level of risk in terms of cost and operational deficiencies. The

2019 ‘14th Annual Cost of a Data Breach’ independent study, conducted by the Ponemon

Institute, reports the global average cost of a data breach increased to $3.92 million, which is

also caused abnormal customer turnover of 3.9 percent in 2019. The average cost for each

lost or stolen record containing sensitive and confidential information also increased to $150

per stolen record. See Figure 2 - July 2019 “Cost of a Data Breach Global Study: Independent

Research Report - Ponemon Institute.

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 5

Their July 2019 report found that the average total cost of a data breach; the average cost for

each lost or stolen record (per capita cost); and the average size of data breaches have all

increased beyond the 2018 report averages:

► The average total cost increased from $3.86 to $3.92 million, a 1.5 percent increase from 2018

► The average cost for each lost record increased from $148 to $150, a 1.3% increase from 2018

► The average size of the data breaches increased by 3.9 percent since 2018

The unique aspect of the Ponemon Institute cyber study has been its consistent focus over

the past five years, on the relationship between how quickly an organization can identify and

contain data breach incidents and the financial consequences associated with the breach:

► The mean time to identify (MTTI) was 206 days (increased from 197 days in 2018)

► The mean time to contain (MTTC) was 73 days (increase from 69 days in 2018)

► Companies that contained a breach in less than 30 days saved over $1.22 million vs. those that took

more than 30 days to resolve.

NOTE: For the first time, Ponemon Institute examined ‘cost amplifiers’ of organizational and

security challenges having significant potential as ‘cost mitigators’ in security automation:

► complexity of IT systems and software

► compliance failures

► cloud migrations

► third-party risks and breaches

► extensive IoT, mobile, and OT environments

► lack of processes and coordination of security, development, and IT operations functions (DevSecOps)

For the second time, the institute analyzed and measured the cost of a data breach involving

more than one million compromised records, or what they refer to as a mega breach:

► The average cost of a breach for organizations that fully deploy security automation is $2.65 million

► Without automation, estimated cost is $5.16 million, a $2.51 million net cost difference

► The extensive use of IoT and mobile devices increased cost by $2 per compromised record

► A mega breach of 1 million records yields an average total cost of $42 million

► A mega breach of 50 million records yields an average total cost of $388 million

Figure 2 - July 2019 “Cost of a Data Breach Global Study: Independent Research

Report - Ponemon Institute

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 6

Their conclusion: (4) process-related activities drive a range of expenditures associated with

an organization’s data breach: detection, escalation, notification, business loss, and related

activities conducted following a data breach.

The (4) cost centers are:

In the course of their interviews, the Ponemon Institute asked questions to determine what the

organization spent on activities for the discovery of and the immediate response to the data breach,

such as forensics and investigations, and those conducted in the aftermath of discovery, such as

the notification of victims and legal fees. Other issues covered that may have an influence on the

cost are the root causes of the data breach and the time to detect and contain the incident.

1. Detection and escalation: Activities that enable a company to detect and report the breach to

appropriate personnel within a specified time period. Examples: – Forensic and investigative

activities – Assessment and audit services – Crisis team management – Communications to

executive management and board of directors.

2. Post data breach response: Processes established to help individuals or customers affected by

the breach to communicate with the company, as well as costs associated with redress

activities and reparation with data subjects and regulators. Examples: – Help desk activities/

inbound communications – Credit report monitoring and identity protection services – Issuing

new accounts or credit cards – Legal expenditures – Product discounts – Regulatory

interventions (fines).

3. Notification costs: Activities that enable the company to notify individuals whose data was

compromised in the breach (data subjects) as regulatory activities and communications.

Examples: – Emails, letters, outbound telephone calls, or general notice that personal

information was lost or stolen – Communication with regulators; determination of all regulatory

requirements, engagement of outside experts.

4. Lost business costs: Activities associated with cost of lost business including customer churn,

business disruption, and system downtime. Examples: – Cost of business disruption and

revenue losses from system downtime – Cost of lost customers and acquiring new customers –

Reputation losses and diminished goodwill.

According to the institute, in this year’s study, organizations experienced increases in both

the time to identify and the time to contain a breach. Unfortunately, current reactive systems

fail to bridge the gap that exists between cybersecurity and risk management. Evidence of

this fact is illustrated by the fact that risk management has little to no knowledge of risk as it

is happening. Similarly, risk management teams have little visibility into the actual

operational cyber risk incurred by the organization (or the rate of change of this risk over

time). It seems that risk managers can only provide oversight to the tools to avoid or respond

to risk, but they have little or no proactive insights to the risks that arise in near real -time–

[where this risk originates from, how quickly it was mitigated, what operations were at risk,

how operational risks translated to business risk, or worse yet what risk remain unchecked,

unmanaged, or un-mitigated and still active within the enterprise].

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 7

These facts give rise to the new breed of risk technologies that bridge the gap between

cybersecurity and risk management. These new technologies provide better awareness,

insight for immediate decision-making, and control into operational risk present in the

enterprise and the potential business risk that exists if these risks remain unchecked.

In addition, IRM solutions can shed light to risk trends within the enterprise, illustrating the

velocity and severity of detected risks, the affected applications, processes and devices,

enabling proactive actions to remediate vulnerable or affected systems or practices.

One company addressing this emerging technology is Florida based TauruSeer. With deep

roots in software development and cybersecurity, TauruSeer’s latest release of its SaaS

platform bridges the gap between cybersecurity and operational risk management by utilizing

both behavior- and anomaly-based detection methodologies along with proprietary risk

maturity guidance and risk scoring methodologies. Fueled by patent -pending technology,

artificial intelligence (AI) and machine learning technologies. TauruSeer’s software is a poster

child for functionality that bridges the gap between cyber security and risk management.

Why TauruSeer™? TauruSeer is engineered and deployed to help businesses dynamically monitor, identify, and

assess the impact of cyber risk on their security, IT, and development operations as it is

occurring to safeguard their digital assets and act immediately to ensure business continuity.

TauruSeer provides patent-pending and advanced technology that monitors, identifies, and

assesses risk as it is happening, empowering security teams and executives to see high -risk

activity, drill down on these activities and act immediately, protecting their organization from

lost revenue, brand reputation damage, legal action and business interruptions.

TauruSeer is the assurance that executives and their boards must have to protect the

organization’s digital assets, their brand reputation, avoid legal issues, ensure compliance

and maintain the continuity of their operations. Additionally, executives are being held

personally responsible and need to protect their careers and reputations. They need a

solution that will empower their security, development, and IT operations teams to speed the

process of identifying and mitigating cyber risk in a continuous threat -driven digital economy.

The TauruSeer team understands that simply detecting an anomaly is not enough. In today’s

threat environment, cyber risk solutions must deliver deeper information to operations and

security professionals, so they can differentiate which alerts, among thousands, potentially

have the most serious impact on their organization, and in what order, to resolve them and

understand within seconds what the risk is, where it started, its extent and more. The

following list summarizes the current challenges experienced by enterprise security,

development, and IT operations teams due to the proliferation of point and disjointed cyber

solutions that provide a ‘piece’ of the answer but operate in isolation thereby causing

‘information overflow’ and uncoordinated responses to vulnerabilities, risks, and breaches.

Current Chal lenges in SOC and Operat ional Management

SOC are currently severely impacted by their inability to:

1. Detection of suspicious activity – early in the development and delivery life cycle.

2. Prioritization of risks – reports from operators that risks, controls, and incidents are

selected at random for research.

3. Volume of alerts – the word “overwhelmed” is common from SOC operations teams.

Presence of false positive alerts further compounds this fact.

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 8

4. Research & Validation – often takes hours, days, weeks or more. The validation of

the DNC breach in 2016 took nearly 6 months to complete.

5. Understanding – often missed. The goal is to transform information into

understanding – ‘AhHa’ effects on applications, devices, and processes.

6. Response – taking the appropriate action at the appropriate time.

BluSky has deployed a production release of TauruSeer in our data centers to analyze and

assess their RiskTech offering. Our assessment of TauruSeer technology demonstrated their

capability to:

• Surface the highest-value risk alerts as they are happening by leveraging patent -

pending analytics to reduce “noise” from among thousands of alerts – visually

pointing to risk events that have the most potential impact on business operations.

• Rapidly prioritize those alerts by assigning an impact score that prioritizes the order

of resolution

• Identify key details such as the extent and root cause of each high -risk alert so

security, development, and operations professionals can rapidly eliminate the

problem before it impacts operations

TauruSeer™ Market Differentiation – An Answer to the Ponemon Institute Cyber Study:

The Ponemon Institute report concludes that effective management of detection and

escalation costs and communications to executive management and board of directors

requires an investment that establishes an internal framework for satisfying governance

requirements, evaluating risk across

the enterprise and tracking

compliance with governance

requirements to improve an

organization’s ability to detect and

escalate a data breach. As reported

in the study, insurance protection

and business continuity

management (BCM) reduced the cost

of a data breach following the

discovery of the incident. In contrast,

the rush to notify victims without

understanding the scope of the

breach, compliance failures, and the

engagement of consultants to assist

in the remediation of a data breach

all increase post data breach costs.

Expenditures to resolve lawsuits

also increase post data breach

costs. Certain industries have higher

data breach costs. As can be seen

below in Figure 4, heavily regulated industries such as healthcare and financial organizations

have a per capita data breach cost substantially higher than the overall mean. Public sector,

research, media and transportation organizations have a per capita cost well under the

overall mean value.

Figure 3 Note: Per capita cost is defined as the total cost of

data breach divided by the size of the data breach (i.e., the

number of lost or stolen records).

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 9

Market Growth Driver for

TauruSeer™: According to the

Ponemon Institute Study and

other market studies, the faster

cyber vulnerabilities can be

identified and contained, the

lower the costs. Both the time to

identify and the time to contain

were highest for malicious and

criminal attacks. Companies that

identified risks in less than 100

days saved more than $1.22

million as compared to those

that took more than 100 days.

Similarly, companies that

remediate risks and contain

breaches in less than 30 days

saved more as compared to

those that took more than 30

days to resolve. However, the

reality is that the mean time to

identify (MTTI) is 206 days and

the mean time to contain (MTTC) is 73 days which further justifies a proactive, faster system

to insight on the part of enterprises.

TauruSeer™ Platform Assessment by BluSky Cyber and Operational teams:

Our MSP team installed an independent instance of TauruSeer to formulate a summary of its

product functionality and production readiness. The following key features represent a

summary of our team’s findings and the market relevance for key functionality of TauruSeer:

S tream-T ime Processing

Our experienced team understands that legacy or ‘point solution’ cybersecurity systems have

to backhaul, or store, data before they can perform the functions necessary to detect threat

behaviors (i.e., SIEM platforms). Our assessment revealed that TauruSeer acts on data before

that data comes to rest, resulting in quicker risk remediation that balances the business

performance and regulatory compliance specifications to support Identification,

Accountability, Remediation, and Evidence requirements across the primary integrated use

cases – performance, resilience, assurance and compliance. In our opinion, this functionality

addresses the coordination of cybersecurity, digital risk, and operational risk management to

proactively address risks before Detection and Escalation requirements are necessary.

Enterpr ise -Sca le Cont inuous Moni tor ing

In our experience, legacy cybersecurity are reactive systems and rely on threat signatures to

identify attacks. TauruSeer is proactive, identifying vulnerabilities, weaknesses, and

suspicious activities that are comprised from automated analysis and correlation occurring in

software, systems, and personnel management technologies, meaning it can identify risks

and validate remediation before, during, and after digital assets are released into production

environments. This functionality addresses the coordination of cyber and operational risk

management in Secure DevOps cultures in Pre-Release and Deployment processes to

increase collaboration and efficiencies across teams, add more value to the primary

integrated use cases, and reduce Data Breach Response costs.

Figure 4 - July 2019 “Cost of a Data Breach Study: The 2019 per

capita cost by industry sector” - Ponemon Institute

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 10

Behav ioral Pr ior i t i zat ion

Our 30+ years of cyber security experience observes that SOC and DevOps professionals are

overloaded with the alert volume received from cybersecurity, GRC systems, performance

monitoring, cloud security, container security, and application security tools. TauruSeer in our

assessment, significantly eliminated data overload by reducing complexity, assigning

business intelligence and risk scoring that automatically prioritizes security operations and

assurance, resulting in a prioritized list of vulnerabilities and threat activities that allow

security, development, and operations to unite towards the same objectives and more

effectively manage risks to their applications and data. This functionality addresses the

coordination of cyber and operational risk management to reduce notification costs.

Asset Inventory & Risk Management Framework

In our experience, having a complete, accurate, and connected inventory of digital assets

from ‘code-to-cloud’ is the foundational elements to develop an adaptive security

architecture. Furthermore, implementing an automated Risk Management Framework

facilitates the evolution from check-box compliance to risk-based decision making while

supporting the demands of rapid digital innovation. A ‘platform’ enables a fluid approach to

address new risks from cyberincident disruption, new regulatory obligations and the

imperative to build customer trust. This functionality addresses the coordination of cyber and

operational risk programs to adopt a long-term, agile approach to adapting new controls and

technologies to reduce notification costs and audit costs (Detection & Escalation).

In tui t i ve Risk Invest igat ion

In our experience, it is not efficient to ‘only’ identify cyber vulnerabilities or threat behaviors —

SOC operators need the ability to quickly and intuitively explore security, compliance, and

performance risks and suspicious activities in order to rapidly gain a comprehensive

understanding of the identified risks, the extent of their potential impact, and their root

cause. In our assessment, TauruSeer makes it happen in minutes - rather than in days and

weeks. This functionality addresses the coordination of cyber and operational risk

management to reduce Lost Business costs.

Next -Gen Governance, Risk and Compliance (GRC) or ‘ IRM’

In our experience, traditional GRC has largely resulted in siloed, often overlapping tool

investments. The silos are increasingly ineffective at addressing dynamic and complex risk

environments in which digital or software businesses grow. A Product–Centric Integrated Risk

Management (IRM) approach is both top-down and bottom-up, balancing larger strategic goals

and continues throughout the software lifecycle, including Secure DevOps monitoring. For

executives, harnessed risk intelligence

across the enterprise, more effective

communication, and risk-based

business outcomes. For Secure DevOps

teams, instream risk management

principles and insights for strategic

decision making, and ’Just -in-Time

Training’ skills development to become

security, risk, and compliance subjext

matter experts. This functionality

addresses the coordination of cyber

and operational risk management to

reduce, proactively, the (4) cost

centers on Page 6.

Figure 5 - November 2018 “Why Leading Software Vendors Are

Dumping GRC for IRM” - Gartner

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 11

Summar y

The functionality and performance of TauruSeer during our deployment and assessment,

answers the high-level of vulnerability and costs associated with current cyber risk solutions

in the market today with a platform that has demonstrated the capability to add significant

cost savings and avoidance through its RiskTech offering. Figure 7 illustrates the current cost

savings and avoidance of point cyber solutions. The key takeaway is NOT that TauruSeer

displaces this list of point solutions, more so, it has the capability and potential to integrate

with these solutions and provide a consolidated dashboards for operations and Secure

DevOps professionals to simplify and organize their cyber risk framework into a ‘platform’

through TauruSeer. We conclude that as TauruSeer continues to evolve TauruSeer, the

RiskTech market will be readily recognized as the future of cyber security. The TauruSeer

summary table of feature comparisons lists the differentiation between TauruSeer’s IRM/

RiskTech solution compared to current cyber solutions.

Compet i tors ’ Focus TauruSeer Focus

Massive volume of alerts vs High-Risk Visibility

Data & Analytics, no context for

business or inventory

vs Business Intelligence &

Actionable Insights

More devices, tools, resources vs Prioritized remediation activity

Attempt to block breaches vs Rapidly mitigate risk or impact

Overwhelmed teams, misaligned

priorities/incentives

vs Risk-focused/trained teams

Remediation post breach vs Preventative/proactive response

Weeks or months to discover vs Awareness as it is occurring

Figure 6 - Current Market Offerings versus TauruSeer

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 12

Figure 7 - July 2019 “Cost of a Data Breach Study: Impact of 26 factors studied on the per capita cost of data

breach, showing cost mitigators or cost amplifiers the per record cost of $150.” - Ponemon Institute

Company Over v iew TauruSeer is a company based in the United States and headquartered in greater

Jacksonville, Florida, that is focused on helping businesses rapidly identify, prioritize,

understand and mitigate the impact of cyber risk on their organization business continuity,

operations, applications, and data.

TauruSeer Team

• Management collectively has more than 50 years of software development, technology,

and cybersecurity management experience, including a SANS Institute published author.

• Multiple prior success including software startup to operational business success, CISO at

Web.com (NYSE: WEB) & CTO executive roles, and private exit realizations to Black Knight

Financial Services (NYSE: BKFS).

• Advisory Board Members.

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 13

ABOUT BLUSKY

BluSky was founded with the mission to offer business strategy and technology

innovation services to organizations that require a pathway towards digital and

business transformation, investment analysis and market research.

To accomplish this mission, BluSky has created a hybrid team of industry leaders,

business strategist and technology innovators with proven success in next

generation business models based on ‘value-measured’ and ‘deliverables-based’

business and technology services.

BluSky understands the full ecosystem of investment, business strategy,

technology adoption and go-to-market execution and presents these deliverables

as a strategic and tactical architectural road maps through analysis, design and

implementation services.

BluSky accomplishes this by providing research, trusted advisor services,

investment strategies, and technology design and implementation offerings for

organizations to measure and maximize their return on invest.

BluSky partners with JNK Securities, a FINRA broker/dealer/research firm based

in New York City as an extension of its research platform which provides

technology research and industry analysis for institutional investors. BluSky

provides analysis in Technology, Media and Telecommunications markets that

includes the identification if market inflection points, market disruption

indicators for publicly-traded and privately-held organizations. BluSky provides

industry research analysis for (200+) institutional investment funds, retail and

family offices.

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 14

ATTUBUTIONS

https://blogs.gartner.com/john-wheeler/

https://www.linkedin.com/posts/nicolaschaillan_dod-devsecops-ref-design-activity-

6578352737090625537-XHM5

https://www.fairinstitute.org/

https://www.chartis-research.com/

https://www.risk.net/risk-management/6470126/top-10-op-risks-2019

https://www.weforum.org/reports/the-global-risks-report-2019

https://securityintelligence.com/posts/whats-new-in-the-2019-cost-of-a-data-breach-report/

https://www.ibm.com/security/databreach?

ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US

https://www.accenture.com/t20170803t055319z__w__/us-en/_acnmedia/pdf-7/accenture-cyber-risk-

convergence-of-operational-risk-and-cyber-security.pdf

https://www.ibm.com/security/data-breach

https://www.finextra.com/blogposting/12500/convergence-of-operational-risk-and-cyberrisk-management-in-fs

https://www.chartis.com/leadership/firm-leadership/dan-coate

https://erm.ncsu.edu/library/categories/c/main-nav

https://www.protiviti.com/sites/default/files/united_states/insights/nc-state-protiviti-survey-top-risks-2019-

executive-summary.pdf

https://www.bccresearch.com/market-research/information-technology/risk-management-market-report.html

https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-aers-operational-risk-management-the-

new-differentiator.pdf

https://advisory.kpmg.us/content/dam/advisory/en/pdfs/technology-cyber-risk-managment.pdf

https://www.ifc.org/wps/wcm/connect/e53f24fd-d1ed-44aa-ae26-a2f806a8ade5/

Risk_Management_Department_Charter_of_FIs_model.pdf?MOD=AJPERES&CVID=my.eHSb

https://www.bankinfosecurity.com/whitepapers/conquering-complexity-in-endpoint-management-w-4383

https://www.secureworks.com/solutions/advanced-threat-protection

Copyright 2019 TauruSeer Platform and Market Analysis Report PG. 15

DISCLAIMER

This report has been compiled by BluSky. BluSky is an independent provider of

research. The views expressed within this report are BluSky’s in its entirety. The

contents of this report and its attached documents have been prepared without

taking account of your objectives, financial situation or needs. Because of that

you should, before taking any action to acquire or deal in, or follow a

recommendation (if any) in respect of any of the financial products or

information mentioned in or downloaded from or through this website, consult

your own investment advisor to consider whether it is appropriate having regard

to your own objectives, financial situation and needs.

Whilst BluSky believes the information contained in this report is based on

information which is considered to be reliable, its accuracy and completeness are

not guaranteed, and no warranty of accuracy or reliability is given or implied and

no responsibility for any loss or damage arising in any way for any representation,

act or omission is accepted by BluSky or by any officer, agent or employee of

BluSky or its related entities. BluSky at all times reserves the right to at any time

vary, without notice, the range of services offered by BluSky and its subsidiaries,

and the terms under which such services are offered. The information within this

report is our own opinion only and is not to be used in deciding for purchasing

services, acquiring, or investment.