We did a template content sync round #38 for Cyberday recently. As a new addition, e.g. themed risk assessments were introduced.
These allow you to define a clear target for a risk assessment, such as a specific data system, physical office, partner organization or databank. You will then be able to identify the risks specific to this item in more detail than in general risk management.
The documentation of the theme risk assessments also helps to distinguish these items from the risk documentation in general, which have been the subject of a more detailed assessment.
We will add a new setting to Cyberday that further automates risk evaluation and management. When you enable the risk autopilot mode, risks are automatically given an expert evaluation and the impact of related management tasks on the risk level is also automatically calculated.
Based on this, we aim to help you identify as effectively as possible the risks to which your organization should pay extra attention in. In the future, we will also develop factors that take into account the type of organization's operations (e.g. number and turnover of personnel, number of physical locations, special features of operations such as software development).
We've published a few changes to make the contents of the Taskbook clearer for every key user in your Cyberday account:
If you wish, you can now remove the possibility for employees to request wider access to Cyberday directly through Teams.
By default, when navigating the Taskbook or Organization dashboard tabs, a person is shown an info message and offered the option to request access if they do not already have permission to view this tab. If you pull the switch to the left, this button for access requesting will not be displayed.
Active employees can be involved in the continuous improvement of their Cyberday guidelines by commenting on them.
Now the owners of the guidelines will receive a weekly digest message of these comments from Cyberday Teams bot, if they have any untreated comments in the guidelines they own.
The guideline comments have also been better emphasized in the UI to make them stand out when needed.
You can now set the owner and a review interval similarly for reports as for any other content.
Report owner and review interval are displayed in the reports list view, which also got some improvements (e.g. search).
We created templates the most common policy documents from access control to encryption and malware protection policies to Cyberday. The content of the policy is automatically generated based on the tasks, guidelines, and documentation created for this theme.
You can take advantage of policy documents to distribute a clear summary of a particular topic to, for example, your company management or an auditor. The actual management of the security work is then done through tasks, giudelines and documentation - not left only in the document.
We developed the task cards in Cyberday a few steps forward. New things include:
We recommend utilizing the process description text along with the linked security system to define, what's the task owner's role in ensuring the security system is working as intended.
You can now leverage the NIST Cybersecurity Framework, a popular security framework developed by the National Institute of Standards and Technology (NIST), to strengthen your own cyber defense.
The CSF framework is a set of good security practices designed specifically for critical infrastructure operators to reduce security risks.
Cyberday provides you with ready-made pending tasks based on the frameworks you activate.
You can complement this set with your own custom tasks by clicking the "Add task" button in the upper right corner of a task list.
Now, in this situation, you can also make connect the task to relevant parts of a framework, if you wish. This information will then be displayed on the task card, and in compliance reports the task will be highlighted in connection with related requirement / control / section of the law.
You can now find the recordings of our latest webinars as well as upcoming webinars from the "Webinars and support" page, which can always be found in the Cyberday left menu.
Be sure to take advantage of all our support methods and also remind your colleagues of them if necessary! 🙂
When you are setting a review interval e.g. for a task or a documentation list, you can now set the first review to where you want it, such as the end of the year or quarter.
You will see an additional step when setting the review interval, which is optional. If you do not set a custom date, the first review will automatically be set in one review cycle's time from today.
Guidebook is the view in Cyberday that's designed for all employees. We wanted to clarify the user experience in Guidebook improve its usability. Along with this update we changed e.g. following things:
When selecting an owner e.g. for a documentation item or a task card, you can now just start typing in the name of the correct user to find what you're looking for.
Less scrolling, when you manage to involve many people on your ISMS. 👍
Now, in addition to connecting more individual participants, it's also possible to connect whole units to documentation items. You'll find this feature under the same "Add people" link on the documentation card top section.
You can use this for sharing the actual responsibility of filling the documentation or creating awareness of important data assets for each unit.
.svg)
.png)
