How it works

How systematic information security work starts in Cyberday?

Learn how to configure your management system, how to describe your current state of actions against best practice frameworks and how to improve even further.

Tietosuojamalliin luottavat isot ja pienet, yritykset, kunnat ja järjestöt.

1. Choose your frameworks

When you activate the most relevant frameworks for your organization, Cyberday builds you the optimal security program to get you compliant. Many of the tasks are connected to requirements on multiple frameworks. You can start with one for clarity, or activate many immediately.

2. Get prioritized task lists for each theme

Next step in your implementation is to delegate each theme and set the current status of pending tasks. After this you can understand your current compliance level with the selected frameworks.

3. Implement and gather assurance according to task type

Technical tasks are often implemented with technology. Link your chosen security system to demonstrate you have implemented the task. You can also use additional assurance info to e.g. demonstrate task owner's responsibilities in ensuring the protection works.

People tasks are implemented by ensuring organization's staff works securely. Define guidelines in the linked lists and distribute them through Guidebook tab. Teams bot automatically notifies staff when they have unread guidelines.

Organizational tasks need planning and writing. Use the documentation and report templates linked on the task card to e.g. gather key information about data assets, create continuity plans, analyse risks or create shareable documents.

There are also a lot of supporting tasks that are implemented by having a clear, written-down process. You can always utilize other assurance methods, when needed.

4. Harden your assurance, when needed

You also have a growing list of other assurance methods available. You can use these to e.g. delegate the implementation for multiple people, link additional guidelines to non-people tasks or write an internal how-to description about the implementation.

5. Understand your security level when compared to best practices

Compliance report displays, which requirements you have already implemented and how. You can understand what your level is and clearly communicate about it for an auditor or for your own top management.