
The CyberSaint team is dedicated to providing new features to CyberStrong and advancing the CyberStrong cyber risk management platform to address all your cybersecurity needs. These latest updates will empower you to customize assessment workflows, access NIST 800-30 risk templates, and leverage automated risk re-evaluation for enhanced risk remediation.

Additionally, we’ve made it possible for users to assess themselves against the Advisen data set for risk benchmarking using custom assessments and frameworks. This update also includes significant updates to crosswalking that address customer ease and access between frameworks. 

Crosswalking V.2

CyberStrong users have limited capabilities to conduct custom crosswalks with the current configuration. The CyberSaint team manually configures the custom crosswalk behind the scenes for the customer. Now, with the update, users can crosswalk all frameworks to all other frameworks available in the customer’s environment. The new version of crosswalking leverages a new AI endpoint to crosswalk between two frameworks in real time.

Additionally, Crosswalking V.2 updates the crosswalk and crosswalk template workflows, letting users add any control/control action from the source framework to the current control/control action.

Learn more about the CyberStrong approach to crosswalking and automating mapping between cybersecurity frameworks

Automated Assessment & Framework Creation 

For CyberStrong users to benchmark against the Advisen data set, users need to create custom assessments and frameworks. With the new update, users with the Compliance Hub can quickly assess themselves against their top five Advisen risks and associated controls. 

Customers can use the Advisen risk data from the Compliance Hub home page to assess the controls mapped to those risks.

Custom Assessment Workflow 

Custom workflows are currently only applied to the control, not the risk assessment. Clients need a way to define custom assessment workflows, such as QA/Review steps, before completing the cyber risk assessment. Leveraging the control workflow capabilities, customers can expand workflows to support assessments. Team administrators can now create, edit, or delete assessment workflows and associate them with assessments. 

NIST 800-30 Risk Templates

Large clients and partners are using multiple risk dashboards to manage their risks. However, there is no easy way to copy risks from one risk dashboard to another. 

Now, CyberStrong users can save risks as templates for reuse. Templates allow clients and partners to save time, maintain consistency, and simplify the process of creating risks between dashboards, applications, or business units. They provide a starting point, making focusing on assessment, remediation, or customization easier than starting from scratch each time.

This update only applies to NIST 800-30.

Automated Risk Re-evaluation

For CyberStrong users to understand residual risk, the platform must be able to automatically re-evaluate risks based on mapped control status. Currently, the assessment of controls does not update risks for NIST 800-30 or FAIR risk assessments.

With this new update, customers can implement a variation of the FAIR Controls Analytics Model (FAIR-CAM) to re-evaluate both FAIR and NIST 800-30 risks. Although FAIR-CAM provides a blueprint for risk re-evaluation, each organization may want to customize the model. 

Team administrators can adjust category weight and control implementation % as part of their risk re-evaluation model. 

For example, the administrator can use this update to: 

  1. Adjust the default weight for each control type to custom settings. Default values for each category will be:
    1. Prevention = 90% - frequency
    2. Detection = 4.5% - magnitude
    3. Response = 4.5% - magnitude
  2. Use the assessment scoring results to set the control implementation % for each control.
    1. Once set, users can see:
      1. Weight and control implementation percentage will be used to re-calculate any residual risk, including industry risks, in the risk register.
      2. Residual risk can be displayed in the following locations, at a minimum:
        1. On the Risk Register as Financial Impact of Risks (800-30)
        2. On the Executive Dashboard as Your Top Cybersecurity Risks by $ (800-30)
        3. The individual risk (NIST 800-30 and FAIR)
        4. An updated risk trend graph that accurately depicts residual risk.
