Your Top Five Cyber Risks in Five Clicks with the Free Cyber Risk Analysis

FREE RISK ANALYSIS
Request Demo

The CyberSaint team is dedicated to providing new features to CyberStrong and advancing the CyberStrong cyber risk management platform to address all your cybersecurity needs. These latest updates will empower you to customize assessment workflows, access NIST 800-30 risk templates, and leverage automated risk re-evaluation for enhanced risk remediation

Additionally, we’ve made it possible for users to assess themselves against the Advisen data set for risk benchmarking using custom assessments and frameworks. This update also includes significant updates to crosswalking that address customer ease and access between frameworks. 

Crosswalking V.2

CyberStrong users have limited capabilities to conduct custom crosswalks with the current configuration. The CyberSaint team manually configures the custom crosswalk behind the scenes for the customer. Now with the update, users can crosswalk all frameworks to all other frameworks available in the customer’s environment. The new version of crosswalking leverages a new AI endpoint to crosswalk between two frameworks in real time. 

Additionally, Crosswalking V.2 allows users to update the crosswalk and crosswalk template workflows to add the ability to add any control/control action from the source framework to the current control/control action.

Learn more about the CyberStrong approach to crosswalking and automating mapping between cybersecurity frameworks

Automated Assessment & Framework Creation 

For CyberStrong users to benchmark against the Advisen data set, users need to create custom assessments and frameworks. With the new update, users with the Compliance Hub can quickly assess themselves against their top five Advisen risks and associated controls. 

Customers can use the Advisen risk data from the Compliance Hub home page to assess the controls mapped to those risks.

Custom Assessment Workflow 

Custom workflows are currently only applied to the control, not the risk assessment. Clients need a way to define custom assessment workflows, such as QA/Review steps, before completing the cyber risk assessment. Leveraging the control workflow capabilities, customers can expand workflows to support assessments. Team administrators can now create, edit, or delete assessment workflows and associate them with assessments. 

NIST 800-30 Risk Templates

Large clients and partners are using multiple risk dashboards to manage their risks. However, there is no easy way to copy risks from one risk dashboard to another. 

Now, CyberStrong users can save risks as templates for reuse. Templates allow clients and partners to save time, maintain consistency, and simplify the process of creating risks between dashboards, applications, or business units. They provide a starting point, making focusing on assessment, remediation, or customization easier than starting from scratch each time.

This update only applies to NIST 800-30

Automated Risk Re-evaluation

For CyberStrong users to understand residual risk, the platform must be able to automatically re-evaluate risks based on mapped control status. Currently, the assessment of controls does not update risks for NIST 800-30 or FAIR risk assessments.

With this new update, customers can implement a variation of the FAIR Controls Analytics Model (FAIR-CAM) to re-evaluate both FAIR and NIST 800-30 risks. Although FAIR-CAM provides a blueprint for risk re-evaluation, each organization may want to customize the model. 

Team administrators can adjust category weight and control implementation % as part of their risk re-evaluation model. 

For example, the administrator can use this update to: 

  1. Adjust the default weight for each control type to custom settings. Default values for each category will be:
    1. Prevention = 90% - frequency
    2. Detection = 4.5% - magnitude
    3. Response = 4.5% - magnitude
  2. Use the assessment scoring results to set the control implementation % for each control.
    1. Once set, users can see:
      1. Weight and control implementation percentage will be used to re-calculate any residual risk, including industry risks, in the risk register.
      2. Residual risk can be displayed in the following locations, at a minimum:
        1. On the Risk Register as Financial Impact of Risks (800-30)
        2. On the Executive Dashboard as Your Top Cybersecurity Risks by $ (800-30)
        3. The individual risk (NIST 800-30 and FAIR)
        4. An updated risk trend graph that accurately depicts residual risk.

Leverage a cybersecurity risk register template here.

You may also like

How to Streamline Your ...
on December 24, 2024

Many industry regulations require or promote cybersecurity risk assessments to bolster incident response, but what is a cybersecurity risk assessment? For example, cyber risk ...

Alison Furneaux
CISO Reporting Structure ...
on December 23, 2024

The Changing Landscape of CISO Reporting The Chief Information Security Officer (CISO) role has evolved dramatically in recent years. Traditionally reporting to the Chief ...

How to Leverage the FAIR Model ...
on December 19, 2024

In light of the Colonial Pipeline cyberattack, measuring risk is on everyone’s minds. However, quantifying risk is often not easy. So many factors go into determining and ...

Kyndall Elliott
How to Effectively Communicate Top ...
on December 9, 2024

Effective cybersecurity reporting is more important than ever for CISOs, CIOs, and other security leaders in today's complex threat landscape. Reporting isn’t just about sharing ...

November Product Update
on November 27, 2024

The CyberSaint team has been working hard to deliver the latest updates to streamline and improve our customers’ user experience and address their top-of-mind challenges. We’re ...

Putting the “R” back in GRC - ...
on December 5, 2024

Cyber GRC (Governance, Risk, and Compliance) tools help organizations manage and streamline their cybersecurity, risk management, and compliance processes. These tools integrate ...