We will be publishing numerous new frameworks in the upcoming days. Here is the full list with short introductions:
We're continuing improvements on the Cyberday Community's Development ideas forum.
Now each user has more votes available (20 for suggested ideas). Removing votes from ideas is now possible too - also in the situation where you have used all your available votes.
Cyberday Trust centers let you share selected information security information with customers and other stakeholders in a professional and organized way.
You can enable your Trust center from the Reporting-page and define the wanted settings - e.g. which reports to include and will part of information will be available publicly or only by request.
We're currently doing initial testing of Trust centers and are looking to deploy this feature for customers in the upcoming weeks.
What should we focus on next? We want to help our customers answer this question more clearly in the future.
Soon the Dashboard will offer you clear and prioritized tips on how to improve the compliance score and assurance towards your chosen primary framework. You can continue to more detailed page that presents 10 actions you can take on both categories.
We're currently finalizing the tech of prioritizing the suggestions smartly and are looking to introduce this feature in the upcoming weeks.
When you've enabled the auto-evaluation for risks, we assist you in risk evaluation by filling in base values and adjusting them according to your current risk control tasks.
Risk control factor, RCF, communicates how well your current control tasks are already mitigating the risks.
Details for counting the RCF are available always on the risk card, and more details on the related help article.
Related help article: Calculating risk level in Cyberday
Your account admins can now grant our team a time-limited support access to your account. This is beneficial e.g. for training purposes and solving trickier customer support cases which you might have initiated.
When the access time ends or you revoke access, all support users are automatically removed.
Related help article: Allowing support access
We improved the "My Accounts" view, which is especially relevant for larger corporations (which utilize multiple Cyberday accounts) and Cyberday partners who help users with multiple accounts.
My accounts page now shows better information about the compliance scores of different frameworks and their progress.
In addition, there is a new "Compare Accounts" view, which makes it easy to compare different accounts:
We released several smaller improvements to the recently released vendor security assessments, including:
In addition, existing accounts can now also complete self-assessments (e.g. for a new framework) using refreshed assessment tools.
We have already received several wishes to further improve assessments (e.g. assessments for different frameworks for different vendors, and adding your own questions) and we will continue to work on these in the near future. 👍
If you're distributing Cyberday via Teams app setup policies, new users will get created automatically in Cyberday.
Now the same integration also handles user de-activation when you delete them from your tenant. After the de-activation, you'll be notified and can e.g. re-assign their content (if relevant) according to this help article.
Our language selection has expanded. Latvia and Lithuania have also been active with their own NIS2 legislation, which has already been finalized in both countries. These versions of the NIS2 laws will also soon be available in Cyberday as frameworks.
We've continued with multiple smaller improvements to the recently created vendor security assessments:
Our web app domain changed to app.cyberday.ai recently. This was related to our company name update, which we communicate more in this blog post.
The change is mostly invisible (e.g. all old links will redirect properly and everything will work just the same). But if you e.g. have some specific security systems allowing our old domain, you'd need to add our new domain there too.
In larger corporate group (i.e. groups of companies), there can be on main account responsible for sometimes setting additional requirements for subaccounts for certain tasks and sometimes offering the group-level implementation for some tasks.
Now this can be implemented better inside Cyberday. One account in a group of accounts can be assigned as the "corporate group account", which can then decide to share some task descriptions forward for sub accounts.
Sub accounts will receive the shared descriptions instantly, but need to otherwise manage the task normally and write their own "Account-specific additions" to the process description.
N.b.! This feature needs to be enabled the first time by contacting our team e.g. through the chat or at team@cyberday.ai.
CyberFundamentals, maintained by Centre for Cybersecurity Belgium, has been published in Cyberday.
The Belgian NIS2 law also refers quite directly to CyberFundamentals to define measures that meet NIS2 requirements.
CyberFundamentals offers a very comprehensive perspective on information security, borrowing many elements from, among others, the NIST CSF and ISO 27001 frameworks.
We will soon be releasing the first version of our new vendor security assessments feature.
This feature will enable you to first categorize your partners to different sets - to name which ones should get your security assessment. Then you can send assessments out based on a selected framework.
Under Partner management, you will see the summaries of assessment statuses and scores got by different vendors.
P.s. Also your own self assessments will be enabled through the new assessment flow soon.