The team at CyberSaint is thrilled to announce the latest additions and updates made to the CyberStrong solution. These latest updates will focus on reporting and remediation. To start off, we’ve made it easier to customize reporting with our latest changes to remediation reports. Additionally, we’ve implemented revisions to the RoSI calculations for enhanced risk analysis and introduced custom risk values and presets.
We are also excited to announce the CCA Kickstarter plan. The blog below provides more details about the latest updates to CyberStrong.
CyberStrong Dashboard & Reporting
Custom Remediation Reports
Before this update, risk remediation reporting had some limitations for customers and partners. Previous reports were static and not very customizable. Customers and partners needed the ability to export any and every field from the platform to support their own custom reporting needs.
Now, we have implemented a custom reporting capability that allows customers and partners to define the fields they want to export as .csv files. Custom report templates can be created, saved, and downloaded as customers and partners need.
Custom Remediation report templates are now also supported.
Remediation Project Status Filter on Executive Dashboard
Previously, the Executive Dashboard only displayed “In Progress” Remediation Projects. However, clients wanted a way to show other statuses on the Executive Dashboard. These other projects could be used to secure budget approval for new requests, to identify projects committed but not started, or to track completion.
We have added a status filter to the Remediation Projects section of the Executive Dashboard configuration. The status is “In Progress” by default, but other statuses can be added or removed.
Note: Only the top 5 Remediation Projects sorted by highest Annualized Loss Expectancy (ALE) are displayed.
CyberStrong Cyber Risk Management
Updated Return on Security Investment (RoSI) Calculations
Previously, RoSI calculations used an average based on the NIST CSF categories. Setting a remediation target by control required an update to the RoSI calculation.
Now, users can use current and target ALE to identify the amount of risk reduction. Both (current and target) ALEs use the automated residual risk calculation. RoSI is now calculated using the updated risk reduction using the following formula:
(Risk Reduction - Project Cost)/(Project Cost)
Note: If the RoSi is negative, 0% will be displayed.
Industry Risk Descriptions
Users wanted a description to aid their selection process when selecting industry risks. Now, all 18 available industry risk scenarios have a description for customers.
Asset Groups to Associate Controls and Risks
It was challenging for clients to associate controls and risks to assets. They would create a risk register and an assessment, but the data lacked a logical grouping. Now, CyberStrong users can quickly and easily associate controls and risks to asset groups.
Clients can now add their own Asset Groups by type and associate them with an assessment and a risk register.
In this initial phase, the following Asset Types are supported:
- Application
- Engagement
- Equipment
- Facility
- Function
- Information
- People
- Process
- Product
- Service
- System
- Supplier
- Technology
- Vendor
Subsequent phases will release options for additional Asset Types and Attributes. The next phase will also allow clients to launch assessments and create risk registers directly from an Asset Group.
Custom Risk Values and Presets
When creating custom heat maps, there was no way for clients to set the Qualitative Value or the Custom Risk Presets. Both the Qualitative Values and Custom Risk Presets were hard-coded with no way to edit them.
When creating a custom heat map, clients can now edit both the Qualitative Value and the Custom Risk Presets for both Impact and Likelihood.
- The Qualitative Value calculates the Average Overall Risk Score on the Risk Register. These values are aligned to your Impact and Likelihood labels.
- The Custom Risk Presets calculate Inherent Risk within each risk scenario. The preset Min, Max, and Most Likely values and labels align with your Impact and Likelihood labels.
Note: The Qualitative Value is an integer between 1 and 10.
CyberStrong Continuous Compliance
Continuous Control Automation (CCA) Kickstarter
We are excited to unveil our Continuous Control Automation (CCA) Kickstarter, which will aid customers' adoption of CCA. Previously, enabling CCA for our clients was challenging. The cost and level of complexity limited the adoption of CCA.
Now, the CSM team can add CCA Kickstarter to existing CyberStrong Compliance Hub, CyberStrong Risk Hub, and CyberStrong Executive Hub clients. Service includes:
- Activating a CyberStrong connector to policy configurations for one of the following cloud environments:
- AWS
- Azure
- Mapping a subset of NIST 800-53 Rev. 5 controls to corresponding policy configurations of a chosen cloud environment.
Note: Base implementation fee is $5,000. Custom connectors and frameworks are excluded and require a separate SOW.
