If you accumulate a lot of items in your organization's cyber security management system, the Taskbook can grow long.
We've included other improvements to the Taskbook recently that make it easier to find important content, but there was no search in there before. Now we added search functionality to Taskbook also. 👍
You can now enable the "Risk autopilot" from your account's risk management settings.
This is our newest addition for making cyber security risk management more automated. Our goal is to help you focus on the biggest risks - which are likely and impactful in today's digital world and which you don't yet have many controlling tasks for.
We'll be creating a more detailed description of the risk autopilot functionality soon.
Related addition: Risk autopilot will also be accompanied by an "organization's risk profile" soon. This will enable you to make a few key choices (e.g. amount of physical locations, amount of employees, importance of own software development) used to automatically tune risk levels even more accurately.
For example, if you've linked risks to a security incident or change on the documentation card, you'll clearly see also the level of the risk and risks will automatically be listed in order by risk level.
Cyberday now also works in French. This means the possibility for:
We did a template content sync round #38 for Cyberday recently. As a new addition, e.g. themed risk assessments were introduced.
These allow you to define a clear target for a risk assessment, such as a specific data system, physical office, partner organization or databank. You will then be able to identify the risks specific to this item in more detail than in general risk management.
The documentation of the theme risk assessments also helps to distinguish these items from the risk documentation in general, which have been the subject of a more detailed assessment.
We will add a new setting to Cyberday that further automates risk evaluation and management. When you enable the risk autopilot mode, risks are automatically given an expert evaluation and the impact of related management tasks on the risk level is also automatically calculated.
Based on this, we aim to help you identify as effectively as possible the risks to which your organization should pay extra attention in. In the future, we will also develop factors that take into account the type of organization's operations (e.g. number and turnover of personnel, number of physical locations, special features of operations such as software development).
We've published a few changes to make the contents of the Taskbook clearer for every key user in your Cyberday account:
If you wish, you can now remove the possibility for employees to request wider access to Cyberday directly through Teams.
By default, when navigating the Taskbook or Organization dashboard tabs, a person is shown an info message and offered the option to request access if they do not already have permission to view this tab. If you pull the switch to the left, this button for access requesting will not be displayed.
Active employees can be involved in the continuous improvement of their Cyberday guidelines by commenting on them.
Now the owners of the guidelines will receive a weekly digest message of these comments from Cyberday Teams bot, if they have any untreated comments in the guidelines they own.
The guideline comments have also been better emphasized in the UI to make them stand out when needed.
You can now set the owner and a review interval similarly for reports as for any other content.
Report owner and review interval are displayed in the reports list view, which also got some improvements (e.g. search).
We created templates the most common policy documents from access control to encryption and malware protection policies to Cyberday. The content of the policy is automatically generated based on the tasks, guidelines, and documentation created for this theme.
You can take advantage of policy documents to distribute a clear summary of a particular topic to, for example, your company management or an auditor. The actual management of the security work is then done through tasks, giudelines and documentation - not left only in the document.
We developed the task cards in Cyberday a few steps forward. New things include:
We recommend utilizing the process description text along with the linked security system to define, what's the task owner's role in ensuring the security system is working as intended.
You can now leverage the NIST Cybersecurity Framework, a popular security framework developed by the National Institute of Standards and Technology (NIST), to strengthen your own cyber defense.
The CSF framework is a set of good security practices designed specifically for critical infrastructure operators to reduce security risks.
Cyberday provides you with ready-made pending tasks based on the frameworks you activate.
You can complement this set with your own custom tasks by clicking the "Add task" button in the upper right corner of a task list.
Now, in this situation, you can also make connect the task to relevant parts of a framework, if you wish. This information will then be displayed on the task card, and in compliance reports the task will be highlighted in connection with related requirement / control / section of the law.
You can now find the recordings of our latest webinars as well as upcoming webinars from the "Webinars and support" page, which can always be found in the Cyberday left menu.
Be sure to take advantage of all our support methods and also remind your colleagues of them if necessary! 🙂