Cyber Risk International Ltd - Unit 1 St Olaves Centre - Kinsealy - Co Dublin - Ireland
+353 -(0)1 905 3260 info@cri.ie
Enabling Organisations to Understand and Manage Cyber Risk

FAQs

Q?

Looking up Informative References sources

A.

When researching a question via an informative reference, please use the links below to access additional information regarding that specific standard.

FFIEC: https://www.ffiec.gov/cyberassessmenttool.htm

NIST: https://www.nist.gov/cyberframework

CRR: https://www.us-cert.gov/ccubedvp/assessments

CIS CSC: https://www.cisecurity.org/controls/

COBIT 5: https://cobitonline.isaca.org

ISO/IEC 27001:2013: https://www.iso.org/standards.html

ISA 62443-2-1:2009: https://www.isa.org/

NIST SP 800-53 Rev. 4: https://nvd.nist.gov/800-53/Rev4

ISA 62443-3-3:2013: https://www.isa.org/

GDPR: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

Q?

What Business Sectors Does CyberPrism Work With?

A.

CyberPrism Industry Sectors

Q?

What Frameworks and Standards Does CyberPrism Reference?

A.

CyberPrism Frameworks and Standards

Q?

What Areas of an Organisation Does CyberPrism Cover?

A.

CyberPrism Holistic Cyber Assessment

Q?

How Many Versions of CyberPrism Are There?

A.

CyberPrism Features

Q?

Is CyberPrism just a gap analysis tool based on a security standard?

A.

No, CyberPrism is a Cyber Risk Assessment tool. It does not compare, assess or contrast you against a list of controls in a particular standard.

There are many tools on the market that simply ask you a question based on a security control listed in a particular standard. They take your "Yes/No" answer and score you against positives and negatives, e.g. 100 questions - 60 Yes = 60%.

There are many flaws with this approach. Let's look at the main ones. Firstly, "one size does not fit all", so comparing organisations of all types, sizes and nuances against the same "score card" is simply not an accurate way of determining their cyber risk status. Secondly, the approach does not perform any kind of "risk assessment"; it is simply a binary check of whether you have something or not. Finally, a process like this does not take into account appropriate maturity. There are many maturity levels for every conceivable control. Which level of a control is appropriate for you is not determined by a single factor. It can only be based on what measures up to your cyber inherent risk.

So these are some of the many strengths of CyberPrism:

01) Profiles your organisation and calculates your cyber inherent risk. This value determines what controls and what maturity levels of controls are appropriate for your business.

02) Performs a holistic cyber maturity assessment across your entire enterprise. Not just IT security controls but includes areas ranging from cyber governance to supply chain.

03) Produces evidence and metrics. Dashboards and regulatory reports are instantly available.

04) Allows you to share your results (your "Cyber Risk Rating") securely without having to share your assessment report with anyone.

Q?

Can I get a demo version?

A.

Yes, you can see a demonstration of the software. Please contact us and we will be happy to set up an online demonstration and answer any questions you may have.

Q?

Can I pay by invoice?

A.

Yes, that's not a problem. Please select that option when registering and we will process payment via invoice.

Q?

Do you provide consultancy and extended support?

A.

Yes, we have teams of cyber security, risk and privacy experts that provide remote and on site assistance to all our clients around the globe. Please contact us to discuss your specific requirements.

Q?

Is CyberPrism secure?

A.

Yes, security was paramount in the design of the CyberPrism architecture, and the confidentiality, integrity and availability of your data is one of our key objectives within our mission. We utilise and have invested in some of the most advanced security controls available. The solution is delivered via the cloud and utilises many controls including 2FA (Two Factor Authentication), and all of your data is encrypted. Our own Cyber Risk Rating is constantly rated over 900 with a designation of "Excellent". The CRI Cyber Risk International security team monitors the system 24/7.

Q?

I need multiple licences, is there a discount available?

A.

Yes, some clients require literally thousands of licences for either a large client base, supply chain or for multiple divisions. We offer significant discounts for volume pricing. Please contact us to discuss your requirements in more detail.

Q?

How long does it take to get set up on CyberPrism?

A.

It depends on a number of factors, including payment type selected. Normally users are set up and operating on the same day.

Q?

How long does a CyberPrism assessment take?

A.

That depends. If you have all the information at hand, you could probably complete the assessment process in a day. However, in reality it often takes organisations some time to collate and verify information as they go through the assessment process.

CyberPrism allows you to "go back" and change information and rerun reports. Therefore clients often take the approach of completing an assessment as quickly as possible and then reviewing the results. This gives them an opportunity to focus on areas of concern very quickly, validate findings and close gaps.