Free Cyber Risk Analysis: Your Top Cyber Risks in 3 Clicks

Get Started
Request Demo

The CyberSaint team is dedicated to providing new features to CyberStrong and advancing the CyberStrong cyber risk management platform to address all your cybersecurity needs. These latest updates will empower you to customize assessment workflows, access NIST 800-30 risk templates, and leverage automated risk re-evaluation for enhanced risk remediation

Additionally, we’ve made it possible for users to assess themselves against the Advisen data set for risk benchmarking using custom assessments and frameworks. This update also includes significant updates to crosswalking that address customer ease and access between frameworks. 

Crosswalking V.2

CyberStrong users have limited capabilities to conduct custom crosswalks with the current configuration. The CyberSaint team manually configures the custom crosswalk behind the scenes for the customer. Now with the update, users can crosswalk all frameworks to all other frameworks available in the customer’s environment. The new version of crosswalking leverages a new AI endpoint to crosswalk between two frameworks in real time. 

Additionally, Crosswalking V.2 allows users to update the crosswalk and crosswalk template workflows to add the ability to add any control/control action from the source framework to the current control/control action.

Learn more about the CyberStrong approach to crosswalking and automating mapping between cybersecurity frameworks

Automated Assessment & Framework Creation 

For CyberStrong users to benchmark against the Advisen data set, users need to create custom assessments and frameworks. With the new update, users with the Compliance Hub can quickly assess themselves against their top five Advisen risks and associated controls. 

Customers can use the Advisen risk data from the Compliance Hub home page to assess the controls mapped to those risks.

Custom Assessment Workflow 

Custom workflows are currently only applied to the control, not the risk assessment. Clients need a way to define custom assessment workflows, such as QA/Review steps, before completing the cyber risk assessment. Leveraging the control workflow capabilities, customers can expand workflows to support assessments. Team administrators can now create, edit, or delete assessment workflows and associate them with assessments. 

NIST 800-30 Risk Templates

Large clients and partners are using multiple risk dashboards to manage their risks. However, there is no easy way to copy risks from one risk dashboard to another. 

Now, CyberStrong users can save risks as templates for reuse. Templates allow clients and partners to save time, maintain consistency, and simplify the process of creating risks between dashboards, applications, or business units. They provide a starting point, making focusing on assessment, remediation, or customization easier than starting from scratch each time.

This update only applies to NIST 800-30

Automated Risk Re-evaluation

For CyberStrong users to understand residual risk, the platform must be able to automatically re-evaluate risks based on mapped control status. Currently, the assessment of controls does not update risks for NIST 800-30 or FAIR risk assessments.

With this new update, customers can implement a variation of the FAIR Controls Analytics Model (FAIR-CAM) to re-evaluate both FAIR and NIST 800-30 risks. Although FAIR-CAM provides a blueprint for risk re-evaluation, each organization may want to customize the model. 

Team administrators can adjust category weight and control implementation % as part of their risk re-evaluation model. 

For example, the administrator can use this update to: 

  1. Adjust the default weight for each control type to custom settings. Default values for each category will be:
    1. Prevention = 90% - frequency
    2. Detection = 4.5% - magnitude
    3. Response = 4.5% - magnitude
  2. Use the assessment scoring results to set the control implementation % for each control.
    1. Once set, users can see:
      1. Weight and control implementation percentage will be used to re-calculate any residual risk, including industry risks, in the risk register.
      2. Residual risk can be displayed in the following locations, at a minimum:
        1. On the Risk Register as Financial Impact of Risks (800-30)
        2. On the Executive Dashboard as Your Top Cybersecurity Risks by $ (800-30)
        3. The individual risk (NIST 800-30 and FAIR)
        4. An updated risk trend graph that accurately depicts residual risk.

Leverage a cybersecurity risk register template here.

You may also like

Critical Capabilities of Cyber ...
on May 20, 2024

In today's digital landscape, robust cybersecurity risk assessment tools are crucial for effectively identifying and mitigating cyber threats. These tools serve as the first line ...

A Practical Approach to FAIR Cyber ...
on May 10, 2024

In the ever-evolving world of cybersecurity, managing risk is no longer about simply setting up firewalls and antivirus software. As cyber threats become more sophisticated, ...

Unveiling the Best Cyber Security ...
on April 24, 2024

Considering the rollout of regulations like the SEC Cybersecurity Rule and updates to the NIST Cybersecurity Framework; governance and Board communication are rightfully ...

April Product Update
on April 18, 2024

The CyberSaint team is dedicated to providing new features to CyberStrong and advancing the CyberStrong cyber risk management platform to address all your cybersecurity needs. ...

Bridging the Gap: Mastering ...
on April 22, 2024

In today's digital landscape, cybersecurity has become essential to corporate governance. With the increasing frequency and sophistication of cyber threats, the SEC has set forth ...

March Product Update
on March 21, 2024

The CyberSaint team is dedicated to advancing the CyberStrong platform to meet your cyber risk management needs. These latest updates will empower you to benchmark your ...