FAQs

Q?

How do I find out more information on the Security Standards used in CyberPrism?

A.

When researching a question via an informative reference, please use the links below to access additional information regarding that specific standard.

FFIEC: https://www.ffiec.gov/cyberassessmenttool.htm

NIST: https://www.nist.gov/cyberframework

CRR: https://www.us-cert.gov/ccubedvp/assessments

CIS CSC: https://www.cisecurity.org/controls/

COBIT 5: https://cobitonline.isaca.org

ISO/IEC 27001:2013: https://www.iso.org/standards.html

ISA 62443-2-1:2009: https://www.isa.org/

NIST SP 800-53 Rev. 4: https://nvd.nist.gov/800-53/Rev4

ISA 62443-3-3:2013: https://www.isa.org/

GDPR: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

Q?

What Business Sectors Does CyberPrism Work With?

A.

CyberPrism Industry Sectors

Q?

What Frameworks and Standards Does CyberPrism Reference?

A.

CyberPrism Frameworks and Standards

Q?

What Areas of an Organisation Does CyberPrism Cover?

A.

CyberPrism Holistic Cyber Assessment

Q?

Why Does My Score Change?

A.

Your scores and metrics change as you amend answers in the inherent risk and cyber maturity sections (Stage 1 and Stage 2). The system also tracks your monthly scores chronologically in the executive reports section. Even when you don't change values in the Stage 1 and Stage 2 sections, your scores and metrics can change. To take a snapshot in time, you can download the reports in MS Word format and/or export all the assessment metrics in MS Excel spreadsheet format. One of the unique features of CyberPrism is the use of "Dynamic Cyber and Business Intelligence".

CyberPrism utilises a vast array of business and intelligence sources in order to assess the inherent cyber risk of your organisation. These values are used in our algorithms to assess the inherent cyber risk your organisation has based on the country and sector you are operating in. The intelligence values and data points are also used to "weight" the scores in assessing the cyber security maturity of your organisation. Therefore, as the feeds update and intelligence changes, you may find that either or both of your inherent cyber risk and overall cyber score change.

CyberPrism looks at all these areas in relation to the country you are operating from.

Q?

Is CyberPrism just a gap analysis tool based on a security standard?

A.

No, CyberPrism is a Cyber Risk Assessment tool and it is not comparing, assessing or contrasting you against a list of controls in a particular standard.

There are many tools on the market that simply ask you a question based on a security control listed in a particular standard. They take your "Yes/No" answer and score you against positives and negatives. e.g. 100 questions - 60 Yes = 60%

There are many flaws with this approach. Let's look at the main ones. Firstly, "one size does not fit all". Therefore, comparing organisations of varying types, sizes and nuances against the same "score card" is simply not an accurate way of determining their cyber risk status. Secondly, this approach does not perform any kind of "risk assessment". It is simply a binary question: "do you have something or not?" Finally, a process like this does not take into account appropriate maturity. There are many maturity levels for every conceivable control. Which of these levels is appropriate for you is not a question answered by one factor; it can only be based on what measures up to your cyber inherent risk.

These are some of the many strengths of CyberPrism:

01) Builds a profile of your organisation and calculates your cyber inherent risk. This value determines what controls and what maturity levels of controls are appropriate for your business.

02) Performs a holistic cyber maturity assessment across your entire enterprise. This is not just for IT security controls, but also includes areas ranging from cyber governance to supply chain.

03) Produces evidence and metrics. The dashboards and regulatory reports are instantly available.

04) Allows you to share your resulting "Cyber Risk Rating" securely without having to share your assessment report with anyone.

Q?

Can I get a demo version?

A.

Yes, you can see a demonstration of the software. Please contact us and we will be happy to set up an online demonstration and answer any questions you may have.

Q?

Can I pay by invoice?

A.

Yes, that's not a problem. Please select that option when registering and we will process payment via invoice.

Q?

Do you provide consultancy and extended support?

A.

Yes, we have teams of cyber security, risk and privacy experts that provide remote and on site assistance to all our clients around the globe. Please contact us to discuss your specific requirements.

Q?

Is CyberPrism secure?

A.

Yes, security was paramount in the design of the CyberPrism architecture and the confidentiality, integrity and availability of your data is one of our key objectives within our mission. We utilise and have invested in some of the most advanced security controls available. The solution is delivered via the cloud and utilises many controls including 2FA (Two Factor Authentication), and all of your data is encrypted. Our own Cyber Risk Rating is constantly rated over 900 with a designation of "Excellent". The CRI Cyber Risk International security team monitor the system 24/7.

Q?

How long does it take to get set up on CyberPrism?

A.

It depends on a number of factors, including payment type selected. Normally users are set up and operating on the same day.

Q?

How long does a CyberPrism assessment take?

A.

That depends. If you have all the information at hand you could probably complete the assessment process in a day. However, in reality it often takes organisations some time to collate and verify information as they go through the assessment process.

CyberPrism allows you to "go back" and change information and re-run reports. Therefore, clients often take the approach of completing an assessment as quickly as possible and then reviewing the results. This gives them an opportunity to focus on areas of concern very quickly, validate findings and close gaps.