Your Top Five Cyber Risks in Five Clicks with the Free Cyber Risk Analysis

FREE RISK ANALYSIS
Request Demo

The team at CyberSaint is thrilled to announce the latest additions and updates made to the CyberStrong solution. These latest updates will empower you to benchmark your organization’s maturity against industry standards, compare changes in FAIR-based assessments, customize heat maps, and upload and centralize control evidence for easy visibility and accessibility.

Additionally, we’ve updated custom reporting templates and improved industry risk settings that allow users to select primary and secondary industries. This update includes initial steps to improve multi-tenancy with more flexibility and less complexity.

Discover details about the latest changes to CyberStrong below:

Enhanced Secondary Industry Risk Data

Previously, the industry risk settings only supported the first two digits of the NAICS codes. This is too high for most industries to get more specific risks. Now, CyberStrong users can select more focused results with access to the third digit of the NAICS code via a secondary industry filter. This is an optional field that clients can use to select their primary and secondary industries.

Note: Some primary industries do not have secondary industries; therefore, the secondary industry is the same as the primary industry

Compare and Evaluate FAIR Risk Assessments

With the ability to automatically reevaluate risks in the CyberStrong platform, users could not compare the changes in FAIR risks. Users could track and monitor the changes for NIST 800-30 risks but not for FAIR.

In this latest update, we have added pre (Inherent) and post (Residual) risk curves to the FAIR risk register. These updated curves track the changes from the original Inherent and subsequent Residual settings based on the control state. This will empower users to compare and monitor risk changes over time.

Industry Benchmarking Data

The CyberStrong platform has leveraged industry risk benchmarking data to enhance risk evaluations, but the data was not displayed anywhere within the solution, and customers wanted a way to compare their maturity to the industry benchmark.

Now, the benchmarking data is visible in multiple locations based on your user settings. You can find the data in the Executive Dashboard, the NIST CSF Maturity graph, and the Home Tab in the NIST CSF Function spider chart.

Note: The NIST CSF Category spider chart is not included in this update but will be in the future.

Customizable 6x6 Heat Maps

Previously, the CyberStrong heat maps supported three sizes: 3x3, 4x4, and 5x5. However, considering industry updates and risk measurement changes, like the Security Control Framework (SCF), certain frameworks require 6x6 heat maps. The new heat maps also include more options for color customization.

In this release, we included a 6x6 heat map and now support all variations from 3x3 to 6x6, including NxM, where N and M are both sizes between 3 and 6. This update allows customers and partners to flexibly create 3x5, 4x6, 5x4, etc. heat maps.

Updates to Custom Report Templates

Previously, once a custom Word report template was added to your CyberStrong environment, it could not be deleted. Customers and partners needed a way to remove older templates or templates with errors.

We have now included the ability to delete incorrect or old Word report templates for users and partners.

Central Artifact Repository

Before this update, we only allowed evidence to be added via an external link to another document repository. Customers and partners needed the ability to upload evidence directly into CyberStrong.

Now, the CyberStrong platform supports uploading and/or linking external artifacts in the platform. All files are centrally stored within the Central Artifact Repository, allowing administrators to view and manage all artifacts centrally. This update will aid users in control evidence processes.

Note: All documents uploaded are scanned for viruses and malicious content

RBAC Phase 1: OU to Teams Mapping

Our existing multi-tenancy capabilities, which leverage Teams, have been a bit complex and confusing. In addition, customers have asked for more flexibility in defining custom roles to provide access to the platform.

In this update, we will begin to release a series of enhancements to implement a new hierarchical role-based access control system. This system will solve multi-tenancy complexities and allow CyberStrong customers more flexibility with custom roles. The first phase will support organizational units (OUs), which allows customers and partners to define their own hierarchy within the platform.  As part of defining these OUs, customers and partners can map which Teams can access each OU. This change will help migrate roles and permissions in subsequent phases.

Notes: Only Teams assigned one of the following elements in the platform can be linked to OUs:

  • Assessment
  • Governance Dashboard
  • Risk Remediation Dashboard
  • Risk register
  • Executive Dashboard

As part of this change, we’re encouraging customers and partners to schedule a meeting with the Product Success team to help them with the OU to Teams mappings before the next phase, which is a migration of the current default roles to the new hierarchical role-based access control system.

*Coming Soon* New Custom Reports

With version 3.57, to be released on June 29, 2024, new CyberStrong reports will be more dynamic and can be customized according to the user’s needs. Customers and partners have asked for the ability to export any and every field from the platform to support their own custom reporting needs.

Now, the CyberStrong platform supports a custom reporting capability that allows customers and partners to define the fields they want to export as .csv files. Custom report templates can be created, saved, and downloaded as customers and partners need. The following custom report templates are supported:

  • Assessment
  • Framework
  • User
  • Risk

*Coming Soon* Enhanced Remediation Targets

Currently, remediation targets are set by CSF Category and Function, a collection of controls.  Customers and partners needed a way to set remediation targets by control, not CSF Category and Function.

With version 3.57, to be released on June 29, 2024, the CyberStrong platform will allow customers and partners to select which controls will be included in the remediation project based on the selected risk scenarios. Once selected, customers and partners can set target scores for those controls.

Note: An improved RoSI calculation will follow this release. Based on each control's current and target scores, this calculation will be more accurate.

*Coming Soon* AI-generated KnightVision Report

We’re including a sneak peek at our upcoming reporting tool, the KnightVision Report. Understanding priorities across multiple data points can be challenging.  Where should customers and partners prioritize remediation based on their current risk posture, control implementation status, and emerging threats and vulnerabilities?

Customers and partners can use the KnightVision Report, which leverages Artificial Intelligence, to make recommendations based on your current risks, controls, threats, and vulnerabilities.  This summary report helps customers and partners prioritize the right remediation projects.

Note: Users must enable this report to access it. Reports can be scheduled at a weekly or monthly cadence.

You may also like

How to Leverage the FAIR Model ...
on December 19, 2024

In light of the Colonial Pipeline cyberattack, measuring risk is on everyone’s minds. However, quantifying risk is often not easy. So many factors go into determining and ...

Kyndall Elliott
How to Effectively Communicate Top ...
on December 9, 2024

Effective cybersecurity reporting is more important than ever for CISOs, CIOs, and other security leaders in today's complex threat landscape. Reporting isn’t just about sharing ...

November Product Update
on November 27, 2024

The CyberSaint team has been working hard to deliver the latest updates to streamline and improve our customers’ user experience and address their top-of-mind challenges. We’re ...

Putting the “R” back in GRC - ...
on December 5, 2024

Cyber GRC (Governance, Risk, and Compliance) tools help organizations manage and streamline their cybersecurity, risk management, and compliance processes. These tools integrate ...

October Product Update
on October 17, 2024

The team at CyberSaint is thrilled to announce the latest additions and updates to the CyberStrong solution. To start off, we’ve made it easier to create an assessment and risk ...

Transforming Cyber Risk ...
on October 12, 2024

In today’s complex cyber landscape, managing risks effectively isn’t just about identifying threats—it’s about understanding their impact and knowing how to prioritize ...