The team at CyberSaint is thrilled to announce the latest additions and updates made to the CyberStrong solution. These latest updates will focus on reporting and remediation. To start off, we’ve made it easier to customize reporting with our latest changes to remediation reports. Additionally, we’ve implemented revisions to the RoSI calculations for enhanced risk analysis and introduced custom risk values and presets.
We are also excited to announce the CCA Kickstarter plan. The blog below provides more details about the latest updates to CyberStrong.
Before this update, risk remediation reporting had some limitations for customers and partners. Previous reports were static and not very customizable. Customers and partners needed the ability to export any and every field from the platform to support their own custom reporting needs.
Now, we have implemented a custom reporting capability that allows customers and partners to define the fields they want to export as .csv files. Custom report templates can be created, saved, and downloaded as customers and partners need.
Custom Remediation report templates are now also supported.
Previously, the Executive Dashboard only displayed “In Progress” Remediation Projects. However, clients wanted a way to show other statuses on the Executive Dashboard. These other projects could be used to secure budget approval for new requests, to identify projects committed but not started, or to track completion.
We have added a status filter to the Remediation Projects section of the Executive Dashboard configuration. The status is “In Progress” by default, but other statuses can be added or removed.
Note: Only the top 5 Remediation Projects sorted by highest Annualized Loss Expectancy (ALE) are displayed.
Previously, RoSI calculations used an average based on the NIST CSF categories. Setting a remediation target by control required an update to the RoSI calculation.
Now, users can use current and target ALE to identify the amount of risk reduction. Both (current and target) ALEs use the automated residual risk calculation. RoSI is now calculated using the updated risk reduction using the following formula:
(Risk Reduction - Project Cost)/(Project Cost)
Note: If the RoSi is negative, 0% will be displayed.
Users wanted a description to aid their selection process when selecting industry risks. Now, all 18 available industry risk scenarios have a description for customers.
It was challenging for clients to associate controls and risks to assets. They would create a risk register and an assessment, but the data lacked a logical grouping. Now, CyberStrong users can quickly and easily associate controls and risks to asset groups.
Clients can now add their own Asset Groups by type and associate them with an assessment and a risk register.
In this initial phase, the following Asset Types are supported:
Subsequent phases will release options for additional Asset Types and Attributes. The next phase will also allow clients to launch assessments and create risk registers directly from an Asset Group.
When creating custom heat maps, there was no way for clients to set the Qualitative Value or the Custom Risk Presets. Both the Qualitative Values and Custom Risk Presets were hard-coded with no way to edit them.
When creating a custom heat map, clients can now edit both the Qualitative Value and the Custom Risk Presets for both Impact and Likelihood.
Note: The Qualitative Value is an integer between 1 and 10.
We are excited to unveil our Continuous Control Automation (CCA) Kickstarter, which will aid customers' adoption of CCA. Previously, enabling CCA for our clients was challenging. The cost and level of complexity limited the adoption of CCA.
Now, the CSM team can add CCA Kickstarter to existing CyberStrong Compliance Hub, CyberStrong Risk Hub, and CyberStrong Executive Hub clients. Service includes:
Note: Base implementation fee is $5,000. Custom connectors and frameworks are excluded and require a separate SOW.