
The CyberSaint team is dedicated to providing new features to CyberStrong and advancing the CyberStrong cyber risk management platform to address all your cybersecurity needs. These latest updates will empower you to customize assessment workflows, access NIST 800-30 risk templates, and leverage automated risk re-evaluation for enhanced risk remediation.

Additionally, we’ve made it possible for users to assess themselves against the Advisen data set for risk benchmarking using custom assessments and frameworks. This release also includes significant changes to crosswalking that make it easier for customers to map between frameworks.

Crosswalking V.2

With the current configuration, CyberStrong users have limited ability to conduct custom crosswalks: the CyberSaint team manually configures each custom crosswalk behind the scenes for the customer. With this update, users can crosswalk any framework to any other framework available in the customer’s environment. The new version of crosswalking leverages a new AI endpoint to crosswalk between two frameworks in real time.

Crosswalking V.2 also updates the crosswalk and crosswalk template workflows, letting users add any control/control action from the source framework to the current control/control action.

Learn more about the CyberStrong approach to crosswalking and automating mapping between cybersecurity frameworks

Automated Assessment & Framework Creation 

For CyberStrong users to benchmark against the Advisen data set, users need to create custom assessments and frameworks. With the new update, users with the Compliance Hub can quickly assess themselves against their top five Advisen risks and associated controls. 

Customers can use the Advisen risk data from the Compliance Hub home page to assess the controls mapped to those risks.

Custom Assessment Workflow 

Custom workflows are currently only applied to the control, not the risk assessment. Clients need a way to define custom assessment workflows, such as QA/Review steps, before completing the cyber risk assessment. Leveraging the control workflow capabilities, customers can expand workflows to support assessments. Team administrators can now create, edit, or delete assessment workflows and associate them with assessments. 

NIST 800-30 Risk Templates

Large clients and partners are using multiple risk dashboards to manage their risks. However, there is no easy way to copy risks from one risk dashboard to another. 

Now, CyberStrong users can save risks as templates for reuse. Templates allow clients and partners to save time, maintain consistency, and simplify the process of creating risks between dashboards, applications, or business units. They provide a starting point, making focusing on assessment, remediation, or customization easier than starting from scratch each time.

This update only applies to NIST 800-30.

Automated Risk Re-evaluation

For CyberStrong users to understand residual risk, the platform must be able to automatically re-evaluate risks based on mapped control status. Currently, the assessment of controls does not update risks for NIST 800-30 or FAIR risk assessments.

With this new update, customers can implement a variation of the FAIR Controls Analytics Model (FAIR-CAM) to re-evaluate both FAIR and NIST 800-30 risks. Although FAIR-CAM provides a blueprint for risk re-evaluation, each organization may want to customize the model. 

Team administrators can adjust category weight and control implementation % as part of their risk re-evaluation model. 

For example, the administrator can use this update to: 

  1. Adjust the default weight for each control type to custom settings. Default values for each category will be:
    1. Prevention = 90% - frequency
    2. Detection = 4.5% - magnitude
    3. Response = 4.5% - magnitude
  2. Use the assessment scoring results to set the control implementation % for each control.
    1. Once set, users can see:
      1. Weight and control implementation percentage will be used to re-calculate any residual risk, including industry risks, in the risk register.
      2. Residual risk can be displayed in the following locations, at a minimum:
        1. On the Risk Register as Financial Impact of Risks (800-30)
        2. On the Executive Dashboard as Your Top Cybersecurity Risks by $ (800-30)
        3. The individual risk (NIST 800-30 and FAIR)
        4. An updated risk trend graph that accurately depicts residual risk.
