Overview and Features
Corporate boards and executive managers understand that cyber risk is a strategic issue that must be addressed at the highest levels of the organization. The issue extends beyond the scope of the CISO and CIO – cyber risk spans all corners of the organization, and effective oversight requires engagement and collaboration among a diverse array of stakeholders.
In addition to the key role played by CISOs and CIOs, other players include Risk Management, Audit & Compliance, Human Resources, Procurement, and Counsel. True collaboration among this group requires strong corporate leadership and a thoughtful policy regime. That is why this is a board governance issue.
The Cybernance Platform uses standards from the NIST Cybersecurity Framework (a national standard) to assess, measure and report an organization’s cyber maturity across all these various functions. Cybernance is a software-as-a-service platform designed to create a common language so that boards, executives, and key stakeholders can communicate in meaningful ways about issues that transcend technology.
- Rapid NIST assessment sets up in minutes; begins reporting results as soon as users start entering data.
- Standards-based reporting – based on NIST Core principles; the assessment can be translated into other modes to give a view of HIPAA, PCI, FFIEC, ISO, and other standards.
- Common language for all stakeholders – cybersecurity is more than technology; we measure and report on procedure, process, and policy issues that are meaningful in any business context.
- Prioritized action items – reports aren’t just a point-in-time; we show leaders where the organization’s greatest deficiencies are and recommend courses of action.
- Workflow for managing ownership – this is a group effort; software methods for sharing, assigning, and collaborating on projects helps enhance the group dynamic.
- Translation engine for compliance efforts – security standards are all made of the same “stuff”; we provide built-in crosswalks between each standard. NIST is just the baseline – we can report, HIPAA, FFIEC, PCI, ISO, and others.
Want to know more?
Get the answers you need using the form below.