Each cyber security standard speaks in its own way about managing security risks and sets requirements for risk management. Risk management is undoubtedly at the heart of cyber security and part of credible information security management.
In our opinion, the most important idea of effective cyber risk management is to get the organization to focus on the right things. However, implementing risk management is not easy, especially when starting from a blank paper.
For this reason, we are constantly working to find new ways to help organizations create effective security risk management through automation. As the latest addition, we have introduced the autopilot mode of risk management to Cyberday. This post describes its concept in more detail.
The management of security risks is related to many areas in Cyberday. Risks can be e.g. identified through security incidents or upcoming changes. In addition, risk management is supported by an extensive risk bank with comprehensive examples of information security risks.
Cyberday always strives to automate those sections of risk management that can be automated. The degree of automation depends on the use of autopilot mode.
Cyberday always automates the following parts of the risk management process:
These features automatically provide you with a list of security risks which you are already controlling with your security tasks.
When autopilot mode is ON, also the following parts are automated:
Autopilot mode is designed to highlight the security risks which probably would need more attention from your organization.
You can also at any time modify the evaluations given by the autopilot manually and connect tasks to risks that have not been automatically targeted correctly. Autopilot mode doesn't limit the actions available for you in any way - it just tried to automate the parts that are possible to automate.
The autopilot mode for cyber risk management is automatically enabled for new Cyberday accounts. Current users can enable the mode with the following steps:
You can safely test the autopilot mode. If you later turn off the mode, no data will be lost or overwritten.
We also want to take into account the characteristics of the organization's operations in the automated risk evaluations. Different activities highlight different security risks:
So there will be a few key choices that can be used to automatically raise or lower the risk levels for risks in different themes based on whether these issues are highlighted in the organization’s operations.
If you have enabled the risk autopilot mode, you will see a risk matrix also on the Dashboard, presenting a visual digest into the cyber risk management.
The matrix visually displays a selection of the risks of different impact and likelihood and their risk levels. The link above gives an easy access to the full risk list.
We look forward to hearing your wishes for further development of risk management. You can always book a meeting with us at a time that suits you. You can also always find out more about our risk management webinars.
See you soon! 👋