In Cyberday units are used e.g. to target guidelines to relevant staff. In the future, you will can also require a certain unit to participate in the execution of a specific task.
Now the owners of the most important data assets (such as data systems, databanks, risks, units) operate as automatic units in Cyberday. For example, you can target a guideline to all data system owners, and this user list is automatically updated according to the documentation.
We developed user filtering for this view. If you are the most active administrator for your account, you can now easily set the event log to show events from others than yourself, so you can see who has been helping you get cyber security work forwards.
You can now specify in Cyberday settings which guideline languages you want allow for employees.
If more than one language is enabled, employees will see the language selection in the left menu of the Guidebook.
Cyberday sample guidelines automatically work well multilingually. For the time being, you must use the "official" language of the organization for your own custom guidelines or write all versions in the content of the guideline.
A setting for "acceptable level of risk" has been introduced to support risk management. This can be configured via the Settings view.
The idea of an acceptable level of risk is to tell the user whether, based on the current risk evaluation, the risk requires more detailed treatment or whether it can be directly accepted.
We briefly revamped the Reporting page. When you go to Reporting, you'll immediately see all the reports you've created on your account.
When you go to framework-specific Reporting page, you'll still see all report templates you haven't yet created in the same style as before.
As an admin you can utilize the "All documentation" view to understand the readiness related to documenting your data assets (data systems, databanks, etc.), stakeholders (system providers, data processors) or your own digital security work (risk management, impact assessments).
Now you can also see from this table a summary of how many items in each list are overdue (due date in the past and not in the status "processed") or pending for review (review interval is set and in the past).
We created a new report template, that enables you to communicate the overall concept of your cyber security management system, the most important responsibilities amongst your people and give an overall summary of compliance with different frameworks.
If you have any wishes related to reporting, please feel free to contact us in chat or at team@cyberday.ai.
Log shows events when any of the users:
In the context of cyber security risk management, a clear risk level is now presented for each risk, which is calculated automatically through the severity and probability choices made on the risk card. You may want to either sort or filter your own risk list according to risk level, for example, to see the most critical, untreated risks.
The scale used in the risk assessment can also be modified on the Settings page. Scale 1-3 produces risks of level 1-9, scale 1-5 produces significantly more variability (levels 1-25).
For example, when you view the "Records of processing activities" report and notice a gap in the data for e.g. a databank, you can now easily jump to the data card to make edits, and then use the Back-button to jump back to the report. The user is automatically scrolled to the same location in the report, which helps the switching between long reports and the data cards.
For data systems, "system ID" can now be activated as an additional field along with previously added "system nickname". System ID and nickname are displayed after the "official name" in the administrator views and tables, but not in reports taken out of Cyberday.
Example: Student management system (Wilma, 12511621)
From the All Tasks view, you can now see e.g. the connections of tasks to the requirements of the different frameworks. This allows you to e.g. identify tasks that increase compliance across multiple frameworks and otherwise communicate the importance of tasks to the rest of the team.
We also brought in quick links through which you can quickly see the so-called problematic tasks that are either overdue or awaiting review from the task owner.
In certain documentation lists, you can now create a large list of items at once with the names you want by using the "Add many at once" -option.
Visual reports can now also be viewed from the perspective of a single action process. Useful especially if there is a lot of content.
More developments and new versions of visual reports are coming in the coming months.
We highlighted tasks better on prioritized order on the front page of a theme (e.g. System management).
The right column now also shows better info about the documentation amount and statuses and guideline "readiness levels".