What is it?
CyberPrism is a CAT (Cyber Assessment Tool). There are currently three versions available.
CyberPrism-MS (Managed Service) is a combination of access to the software and support from a team of cyber risk experts.
CyberPrism-FS (Financial Sector) is access to the software tool specifically designed for the financial service industry. It works for any financial service company, of any type anywhere in the world.
CyberPrism-VRM (Vendor Risk Management) is access to the software tool designed to work with any type of organisation. It facilitates any third party, client or business partner performing a cyber risk evaluation and sharing the cyber risk rating results with any third party.
Typically, this is used by the supply chain (including business partners and corporate clients) of a financial service company in order to accurately articulate and assure confidence in cyber security.
What Does It Do?
The software has an easy-to-use interface and guides the operator through an intuitive process to perform the various tasks and processes. The software operates from a secure cloud infrastructure and there is no installation required.
Stage 1 - Cyber Inherent Risk
Every business is unique, including every financial service entity. Therefore a "one size fits all" approach is simply not appropriate when it comes to evaluating the cyber security risk and maturity of an organisation. The first stage of CyberPrism calculates a metric referred to as Cyber Inherent Risk. This is a scientific indicator of the level of risk associated with your organisation's use of cyber related activity. This is achieved by the operator answering a series of questions utilised to calculate the inherent risk of your organisation's cyber DNA.
- Organisational Characteristics
- Delivery Channels
- Online/Mobile Technology Products and Services
- External Threats
- Technologies and Connection Types
Stage 2 - Cyber Maturity Assessment
There is a direct relationship between the cyber inherent risk of an organisation and the appropriate maturity level of mitigating controls in place. Not everybody needs the most mature level of controls in every area across every facet of their business. Understanding what maturity level is required and appropriate is key to adequately investing in and managing cyber risk. The second stage of CyberPrism takes the operator through a detailed holistic cyber maturity assessment designed specifically for the financial service industry. The user selects answers from questions presented and has the option to add notes or upload supporting evidence documents for inclusion if they wish.
The maturity assessment is holistic and covers the following areas:
- Cyber Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cyber Security Controls
- External Dependency Management
- Cyber Incident Management and Resilience
Cyber Risk Rating
Upon completion of Stage 2, CyberPrism calculates your "Cyber Risk Rating" and makes the metrics instantly available to you. Using advanced algorithms, the system calculates your current maturity of controls and compares it to your cyber inherent risk. The resultant score is an accurate indicator of your cyber risk status as it is completely tailored and based on the cyber DNA of your particular organisation. You are being assessed against what you specifically require as opposed to being assessed against a blanket generic standard of controls. Your cyber risk rating score is a value out of 999; the higher your score, the safer your organisation is to deal with in relation to cyber risk.
Executive management require accurate MI (Management Information) in order to make key strategic and operational decisions. More data is more perspective on a situation. CyberPrism produces over 20 executive dashboard reports that can be printed. The dashboards are also interactive and can be manipulated and filtered online.
Cyber Maturity Report
Every assessment process is only as good as the report it produces. With the click of a button, CyberPrism calculates thousands of data points of information and generates a comprehensive Cyber Maturity Report for your organisation in MS Word format. This high-quality report contains over 100 pages of information specifically tailored for your organisation. The report can be saved offline and regenerated within minutes if any changes are made to your assessment.
The report includes sections such as:
- Executive Summary
- Cyber Inherent Risk Status
- Cyber Maturity Status
- Roadmap to Maturity
- Cross Mapping to International Standards and Frameworks
- Evidence Collected
It is often necessary to demonstrate your cyber security status to a third party. However, sharing security audit reports is a security risk in itself, as they often contain sensitive information that could pose a risk to your organisation if they fall into the wrong hands. CyberPrism handles this challenge in an innovative way. CyberPrism allows you to send a unique link to the headline "Cyber Risk Rating" results to any third party. This allows the third party to view your Cyber Risk Rating score without observing any details behind it. The "Cyber Risk Rating" feature also allows you to optionally embed a widget of code on your website to display a Cyber Risk Rating Trust Seal. When a visitor clicks on this seal, CyberPrism displays your cyber risk rating score to the visitor based on your most recently completed assessment.