Organizations with large Microsoft 365 tenant setups, including e.g. multiple country organizations or many very separate business units, can now utilize Cyberday to full potential also.
Many Cyberday accounts can exist inside a single Teams tenant and e.g. employee or new users requesting for access will be asked to select the correct sub-organization they belong to.
Our team focused for a while on making small improvements and fixes related to the user experience of the app. The following is a list of improved points:
An active admin user may want to prepare the contents of organisation's information security management system before inviting others to join.
Now you can add users, assign tasks or documentation items to them, and only then send the actual invitation to the workspace.
This allows the new user to e.g. immediately enter the Taskbook and see a clear to-do list.
User lists on Settings-view clearly separate users between active, invited, and uninvited ones.
Dashboard of Cyberday was clarified and at the same time more status information was introduced.
The main emphasis on the Dashboard is still on the activated frameworks and the contents of the own management system (grouped by themes).
New information has also been added to the right column:
Embed type reports in Cyberday include e.g. privacy notices (GDPR framework).
You can now use two new settings when editing these reports:
When an item is due in 7 days or due today, the bot of Cyberday Teams app will now send the owner a reminder.
In Cyberday all items include an event log, where users can also type in their own, timestamped comments.
This log can also be utilized to facilitate collaboration with colleagues. You can use @-sign to mention another user in the log.
The user is now notified of this directly inside MS Teams or via email, if your account isn't connected to Teams. Notification includes a direct link straigh to the item where the comment was posted to.
When you want to delegate the implementation of a task to certain responsible persons through Cyberday, you can use the "Add participants" function on the task card.
This works well in situations where, for example, the implementation of a task differs from unit to another and for this purpose it is desired to involve the persons in charge of the units. It may also be important to delegate a certain tasks to e.g. data system owners (e.g. reviewing access rights), which can also be performed in this style.
When a person is marked as a participant in a task, he or she sees the task as well as the implementation instructions written by the owner in his or her Taskbook, but it is clearly different from the tasks in which the person is the owner.
We made the event log of an individual item look clearer. For example, users' own comments or additions on the log are now highlighted more along with events that affect the status of the item.
The log is also now updated in real time as changes are made.
Documentation lists for work records, i.e. Risks, Audits or Continuity plans, have their own workflow in Cyberday.
This workflow is displayed above the table view and allows you to easily filter only the items at a particular stage.
An individual item (e.g. a risk) is also automatically forwarded in the workflow as the risk owner marks questions as done on the documentation card.
From the All documentation -view, you can now see more clearly what kinds of documentation have accumulated in your Cyberday account.
In the future, we will make further modifications so that, for example, the documentation related to data assets better communicates links to other data assets and the documentation related to work results (e.g. risk management) has a stronger workflow which describes progress in the work.
In Cyberday units are used e.g. to target guidelines to relevant staff. In the future, you will can also require a certain unit to participate in the execution of a specific task.
Now the owners of the most important data assets (such as data systems, databanks, risks, units) operate as automatic units in Cyberday. For example, you can target a guideline to all data system owners, and this user list is automatically updated according to the documentation.
We developed user filtering for this view. If you are the most active administrator for your account, you can now easily set the event log to show events from others than yourself, so you can see who has been helping you get cyber security work forwards.
You can now specify in Cyberday settings which guideline languages you want allow for employees.
If more than one language is enabled, employees will see the language selection in the left menu of the Guidebook.
Cyberday sample guidelines automatically work well multilingually. For the time being, you must use the "official" language of the organization for your own custom guidelines or write all versions in the content of the guideline.
A setting for "acceptable level of risk" has been introduced to support risk management. This can be configured via the Settings view.
The idea of an acceptable level of risk is to tell the user whether, based on the current risk evaluation, the risk requires more detailed treatment or whether it can be directly accepted.
.svg)
.png)
