The CyberSaint team is dedicated to advancing the CyberStrong platform to meet your cyber risk management needs. These latest updates will empower you to benchmark your organization against NIST CSF 2.0 and assess and analyze your risk posture with data-backed insights.

We’ve added updates to risk ranges for qualitative and quantitative cyber risk analysis, improved industry risk presets, and published NIST CSF 2.0 as a public framework in the platform. Additionally, we’ve updated the industry risk categories to align with the standard industry risks and included Custom Word Report Templates.

NIST CSF 2.0  

The newly updated iteration of the NIST CSF is available as a public framework for benchmarking in CyberStrong. Clients and partners can access NIST CSF 2.0 as a reference framework for assessments and reporting. The NIST CSF 2.0 Subcategories have been uploaded as a public framework. Additionally, a new scoring model has been added to this framework:

  • Partial (Tier 1)
  • Risk-Informed (Tier 2)
  • Repeatable (Tier 3)
  • Adaptive (Tier 4)

The CSF 2.0 can be crosswalked to the CSF version 1.1 and mapped to NIST 800-53 Rev. 5 controls. CyberStrong has over 60 gold-standard frameworks built into the platform and can conduct cyber risk assessments on custom control sets.

Industry Risk Categories

Currently, manually created risks can be named anything based on the customer or partner requirements. However, those unique names may not align with the standard industry risks for the Executive Dashboard.

Administrators of a CyberStrong customer can now select an industry risk for each manually created risk. Specifically, each manually created risk can be assigned one of the following industry risk categories:

  • Access or Privilege Misuse
  • Brute force
  • Code Exploitation
  • Compromised/weak credentials
  • Denial of Service
  • Environmental Factors
  • Human Error
  • Malicious insider
  • Malware
  • Misconfiguration
  • Missing or poor encryption
  • Physical
  • Ransomware
  • Session hijacking
  • Social Engineering
  • System Vulnerabilities
  • Third and fourth-party vendors
  • Unknown/Other

As an administrator, you can configure the Executive Dashboard to display individual or industry risk categories. If you select industry risk categories, all individual risks under the risk category will be aggregated and reported as a single Annualized Loss Expectancy (ALE) value on the dashboard.

Qualitative to Quantitative Risk Ranges

CyberStrong customers and MSPs have asked to simplify the entries for Threat Event Frequency (TEF) and Single Loss Expectancy (SLE) for NIST 800-30 and Loss Frequency (LF) and Loss Magnitude (LM) for the FAIR framework. This will enable users to quickly select values for the minimum, maximum, and most likely values if they are unsure what the value might be.

With this update, CyberStrong users can select qualitative values (Very High, High, Moderate, Low, and Very Low) and convert them into quantitative values (Min, Max, and Most Likely).

The qualitative values map to quantitative ranges as follows:

  • Threat Event Frequency and Loss Frequency
    • Very High: >1 Event per Year
    • High: 1 Event Every 1-10 Years
    • Moderate: 1 Event Every 10-100 Years
    • Low: 1 Event Every 100-1,000 Years
    • Very Low: 1 Event Every 1,000-10,000 Years

  • Single Loss Expectancy and Loss Magnitude
    • Very High: >$100M
    • High: $10M - $100M
    • Moderate: $1M - $10M
    • Low: $100K - $1M
    • Very Low: <$100K

These updates apply to users who leverage the FAIR risk model and NIST 800-30.
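
As an added illustration (not CyberStrong's code), the sketch below turns the qualitative bands above into annual frequency and loss bounds, multiplies them into an annualized loss range per risk, and sums the ranges per industry risk category as described for the Executive Dashboard. Assumptions: ALE bounds are the product of the frequency and loss bounds, aggregation is a plain sum, open-ended bands are treated as unbounded (or floored at 0), and the Most Likely value is left out because the page does not say how it is derived. The function names and sample risks are constructed.

```python
import math
from collections import defaultdict

# Events per year as (low, high), converted from the page's bands:
# "1 event every 10-100 years" is 1/100 to 1/10 events per year.
FREQ_PER_YEAR = {
    "Very High": (1.0, math.inf),  # ">1 event per year" has no stated ceiling
    "High": (1 / 10, 1.0),
    "Moderate": (1 / 100, 1 / 10),
    "Low": (1 / 1_000, 1 / 100),
    "Very Low": (1 / 10_000, 1 / 1_000),
}
# Loss per event in USD as (low, high), from the page's bands.
LOSS_USD = {
    "Very High": (100e6, math.inf),  # ">$100M" has no stated ceiling
    "High": (10e6, 100e6),
    "Moderate": (1e6, 10e6),
    "Low": (100e3, 1e6),
    "Very Low": (0.0, 100e3),  # "<$100K": floor assumed to be 0
}

def ale_range(freq_label, loss_label):
    """Annualized loss bounds: frequency bound times loss bound (assumed model)."""
    f_lo, f_hi = FREQ_PER_YEAR[freq_label]
    l_lo, l_hi = LOSS_USD[loss_label]
    return f_lo * l_lo, f_hi * l_hi

def aggregate_by_category(risks):
    """Sum per-risk ALE bounds into one range per industry risk category."""
    totals = defaultdict(lambda: [0.0, 0.0])
    for risk in risks:
        lo, hi = ale_range(risk["frequency"], risk["loss"])
        totals[risk["category"]][0] += lo
        totals[risk["category"]][1] += hi
    return {cat: tuple(bounds) for cat, bounds in totals.items()}

# Constructed sample register; risk names are made up, categories are from the page.
SAMPLE_RISKS = [
    {"name": "File server encryption", "category": "Ransomware", "frequency": "Moderate", "loss": "High"},
    {"name": "Backup encryption", "category": "Ransomware", "frequency": "Low", "loss": "Moderate"},
    {"name": "Open storage bucket", "category": "Misconfiguration", "frequency": "Very High", "loss": "Low"},
]

if __name__ == "__main__":
    for category, (lo, hi) in aggregate_by_category(SAMPLE_RISKS).items():
        print(f"{category}: ${lo:,.0f} to ${hi:,.0f} per year")
```

Any risk rated Very High on either axis yields an unbounded upper figure in this sketch, so an open-ended band needs an explicit maximum before the aggregated range is meaningful.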

Industry Risk Presets

The current Industry Risks have preset ranges for revenue and company size. This limits the flexibility of the data sets. This update removes the ranges and allows users to enter their revenue and employee size directly when adding industry risks to provide higher accuracy with industry data sets.

This update will apply to all industry data input screens, including Home, Executive Dashboard, NIST 800-30, and FAIR.

NOTE: For customers and partners that have used the previous preset ranges, please review your settings, as they may have shifted during the migration.  We used the average of the previous ranges to set the new values.

Custom Word Report Templates

CyberStrong Partners can now create custom reporting for their clients. This update will allow partners to send custom Word reports to their clients. This new addition allows partners and customers to upload a Word document template containing mail merge fields to their instance. Those mail merge fields will be filled in when the user downloads the report.

An administrator can upload a Word template containing data, images, and table fields (collectively, mail merge fields). When a report is generated for a customer, the mail merge fields are filled in within the Word template and the result is exported as a Word document.

In case you missed our last product update, CyberStrong now offers Free Cyber Risk Analysis for all organizations looking to discover more about their top industry risks. In just three clicks, you can uncover your top industry risks and associated NIST 800-53 controls based on your organization’s industry, revenue, and company size. See your risks instantly and gain access to one of the world's largest cyber loss data sets.

For more information about the latest product updates, please contact your CSM. Schedule a demo here if any of these updates piqued your interest and you’d like to see how CyberStrong is a leading cyber risk management solution.
