ACADEMY / Cyberday blog

/

Efficient cyber risk management with new autopilot mode

Efficient cyber risk management with new autopilot mode

Each cyber security standard speaks in its own way about managing security risks and sets requirements for risk management. Risk management is undoubtedly at the heart of cyber security and part of credible information security management.

In our opinion, the most important idea of effective cyber risk management is to get the organization to focus on the right things. However, implementing risk management is not easy, especially when starting from a blank paper.

For this reason, we are constantly working to find new ways to help organizations create effective security risk management through automation. As the latest addition, we have introduced the autopilot mode of risk management to Cyberday. This post describes its concept in more detail.

Autopilot mode for cyber risk management

The management of security risks is related to many areas in Cyberday. Risks can be e.g. identified through security incidents or upcoming changes. In addition, risk management is supported by an extensive risk bank with comprehensive examples of information security risks.

Cyberday always strives to automate those sections of risk management that can be automated. The degree of automation depends on the use of autopilot mode.

Cyberday always automates the following parts of the risk management process:

  • Identifying new risks to the Cyber security risks -list
  • Linking activated tasks to identified cyber security risks

These features automatically provide you with a list of security risks which you are already controlling with your security tasks.

When autopilot mode is ON, also the following parts are automated:

  • Gives an expert evaluation for the risk by filling values for impact and likelihood
  • Tunes the risk level according to the status and amount of connected tasks
  • Offers an evaluated and prioritized list of security risks for you for risk treatment

Autopilot mode is designed to highlight the security risks which probably would need more attention from your organization.

You can also at any time modify the evaluations given by the autopilot manually and connect tasks to risks that have not been automatically targeted correctly. Autopilot mode doesn't limit the actions available for you in any way - it just tried to automate the parts that are possible to automate.

This is how to enable the risk autopilot

The autopilot mode for cyber risk management is automatically enabled for new Cyberday accounts. Current users can enable the mode with the following steps:

  1. Go to Organization dashboard -tab
  2. Click Settings from left menu
  3. Click Expand on the section Risk management settings
  4. Turn the switch to ENABLED next to Risk autopilot

You can safely test the autopilot mode. If you later turn off the mode, no data will be lost or overwritten.

Coming up: More development to autopilot mode through organization's risk profile

We also want to take into account the characteristics of the organization's operations in the automated risk evaluations. Different activities highlight different security risks:

  • Lots of own software development = Highlighted technical vulnerability risks
  • Lots of employees and employee turnover = Highlighted personnel security and access management risks
  • Lots of physical equipment and premises = Highlighted physical security risks

So there will be a few key choices that can be used to automatically raise or lower the risk levels for risks in different themes based on whether these issues are highlighted in the organization’s operations.

Extra: Autopilot mode brings risks also to Dashboard

If you have enabled the risk autopilot mode, you will see a risk matrix also on the Dashboard, presenting a visual digest into the cyber risk management.

The matrix visually displays a selection of the risks of different impact and likelihood and their risk levels. The link above gives an easy access to the full risk list.

Want to learn more?

We look forward to hearing your wishes for further development of risk management. You can always book a meeting with us at a time that suits you. You can also always find out more about our risk management webinars.

See you soon! 👋