Recent development in Cyberday

We revamped the risk matrix that is visible on Dashboard and e.g. in the "Risk management report" -report.

The matrix has now been made to include clearer sections for different risk levels where risks can be evaluated to. When using the residual risk evaluations, you will also see a post-treatment matrix, which now includes all risks (including those directly accepted), so that you can understand the total effects of your risk treatment better.

What should we focus on next? We want to help in this thinking with automated improvement suggestions.

Cyberday's Dashboard now has a dedicated section for improvement suggestions, which help you either improve your compliance score or the assurance level towards your primary framework. From the dashboard, you can access a more detailed page that lists 10 actions for each topic - and helps you track progress.

When users make changes on your information security management system, all important actions are recorded and shown in event logs, both at the organizational level and under individual items.

When the change has affected description texts (e.g. task's process description, text field on a documentation card, guideline content), you will now see an earlier version of the content in the log event. This information allows you to revert to an earlier version if a change needs to be undone.

Cyberday trust centers let you share selected information security reports with customers and other stakeholders in a professional and organized way.

You can enable your Cyberday trust center from the Reporting-page and define the wanted settings - e.g. which reports to include and will part of information will be available publicly or only by request.

We improved the usability of the All tasks -page. You can now customize the set of visible columns for your preference and the choice will be remember for your user in the related account.

Currently the new available columns will include:

• Task review-related columns: Review date, review interval and review status
• Assurance-related columns: Task's assurance value (none, weak, medium or strong) and the more detailed assurance information
• Corporate group description info: Whether this task has a shared description (either shared to other accounts from this one, or shared to this one from corporate group's main account)
  

We will be publishing numerous new frameworks in the upcoming days. Here is the full list with short introductions:

• CIS 18 controls: The CIS18 critical security controls is a comprehensive set of instructions and measures released by The Center for Internet Security. Controls are designed to fix and prevent common vulnerabilities and to offer organizations a structured way to strengthen their security.
• DORA simplified RMF: The DORA RTS on simplified ICT risk management describes the key elements that financial entities subject to  lower scale, risk, size and complexity need to have in place to manage risks.
• Kibernetinio Saugumo Įstatymas (Lithuania): The Cybersecurity Act "Kibernetinio Saugumo Įstatymas" implements the European Union NIS2 law in Lithuania. It sets out requirements for various organisations to strengthen their cybersecurity risk management.
• La loi NIS2 (Belgique): The European Union NIS2 has been transposed in Belgium into national law as the NIS2 law. The law closely aligns with the EU NIS2 directive and features only minor national differences. It obligates and defines cybersecurity rules for companies registered in Belgium working in the critical sector.
• Nacionālās kiberdrošības likums (Latvia): NIS2 has been adopted as "National Cyber Security Act" in Latvia. It improves the security of information and communication technologies, including setting requirements for the provision and receipt of essential and important services and operation of information and communication technologies.
• NIST CSF 2.0: NIST CSF's new 2.0 edition is designed to help all organizations in any sector to achieve their cybersecurity goals with added emphasis on governance as well as supply chains.
• Zakon o kibernetičkoj sigurnosti (Croatia): Croatian implementation of the NIS2 The Cybersecurity Act (Zakon o kibernetičkoj sigurnosti NN 14/2024) has come into account in February 2024. It defines cybersecurity rules for Croatian companies with the same criteria as NIS2 with some exceptions.

We're continuing improvements on the Cyberday Community's Development ideas forum.

Now each user has more votes available (20 for suggested ideas). Removing votes from ideas is now possible too - also in the situation where you have used all your available votes.

Cyberday Trust centers let you share selected information security information with customers and other stakeholders in a professional and organized way.

You can enable your Trust center from the Reporting-page and define the wanted settings - e.g. which reports to include and will part of information will be available publicly or only by request.

We're currently doing initial testing of Trust centers and are looking to deploy this feature for customers in the upcoming weeks.

What should we focus on next? We want to help our customers answer this question more clearly in the future.

Soon the Dashboard will offer you clear and prioritized tips on how to improve the compliance score and assurance towards your chosen primary framework. You can continue to more detailed page that presents 10 actions you can take on both categories.

We're currently finalizing the tech of prioritizing the suggestions smartly and are looking to introduce this feature in the upcoming weeks.

When you've enabled the auto-evaluation for risks, we assist you in risk evaluation by filling in base values and adjusting them according to your current risk control tasks.

Risk control factor, RCF, communicates how well your current control tasks are already mitigating the risks.

Details for counting the RCF are available always on the risk card, and more details on the related help article.

Related help article: Calculating risk level in Cyberday

Your account admins can now grant our team a time-limited support access to your account. This is beneficial e.g. for training purposes and solving trickier customer support cases which you might have initiated.

When the access time ends or you revoke access, all support users are automatically removed.

Related help article: Allowing support access

We improved the "My Accounts" view, which is especially relevant for larger corporations (which utilize multiple Cyberday accounts) and Cyberday partners who help users with multiple accounts.

My accounts page now shows better information about the compliance scores of different frameworks and their progress.

In addition, there is a new "Compare Accounts" view, which makes it easy to compare different accounts:

• Progress on the same frameworks
• Activity in using the ISMS (number of activities in different periods, number of users)
• Various key event counts (risks, incidents, deviations)
  

We released several smaller improvements to the recently released vendor security assessments, including:

• ‍Viewing detailed vendor assessment results‍
• Re-sending assessment requests to vendors who have not yet responded
• Deleting assessments

In addition, existing accounts can now also complete self-assessments (e.g. for a new framework) using refreshed assessment tools.

We have already received several wishes to further improve assessments (e.g. assessments for different frameworks for different vendors, and adding your own questions) and we will continue to work on these in the near future. 👍

If you're distributing Cyberday via Teams app setup policies, new users will get created automatically in Cyberday.

Now the same integration also handles user de-activation when you delete them from your tenant. After the de-activation, you'll be notified and can e.g. re-assign their content (if relevant) according to this help article.

Our language selection has expanded. Latvia and Lithuania have also been active with their own NIS2 legislation, which has already been finalized in both countries. These versions of the NIS2 laws will also soon be available in Cyberday as frameworks.