For organizations that want to delegate risk assessment work to asset owners, we just published a new feature: asset-based risk identification.
If you enable this feature from Settings, the selected asset's documentation cards will show a pending risk identification workflow.
With the help of this workflow, asset owners identify detailed and relevant risks for this asset. They can then continue with the risk workflow as usual - straight from the asset's documentation card.
We published improvements to the information security risk management table and to the risk workflow.
The risk workflow is now more clearly divided into 4 main steps: identification, evaluation, treatment and monitoring.
Each step displays a short instruction on what to do, and specific action buttons on the rows of the actual risks.
We will soon add some related changes to the risk documentation cards that will support using this renewed table even better.
The Cybersecurity Capability Maturity Model (C2M2) helps organizations evaluate their cybersecurity capabilities and optimize security investments.
This level includes the MIL1 requirements and other measures included in other supported frameworks, giving an estimated 50% coverage of the full framework.
We extended the functionality of the User stats page and at the same time moved it to a more prominent position in the left menu.
Now you'll have 2 separate tabs on the page:
You also have plenty of other filters at your disposal on the "All ownerships" tab.
We are developing a visual mode for documentation cards, through which you can better understand the connections between different items.
A switch is planned to show up on top of the card to enable the visual mode. Editing would still be done from the card view as usual.
We are currently making improvements to the information security risk management table and to the risk workflow.
At the same time, we will introduce the possibility to deploy asset-specific risk assessments, which will allow the organisation to direct the owners of key assets (e.g. data system, data store, provider, site) to conduct a risk assessment that will go through the most important threats associated with that asset type.
The changes will be implemented so that they do not break or render useless any work previously done in related sections.
More information coming soon. 👍
Compliance reports are a main tool during information security audits.
Soon there will be a special compliance report search there to help you easily navigate to the sections related to the topic being discussed.
You'll see the search button on the fixed left menu and the results will be displayed in the top right. Clicking a result takes you to the relevant part of the report.
Internal auditors can now also write down other important notes when reviewing a requirement.
You can add either "positive findings" or "other notes", which can be used to e.g. document what kind of evidence was checked when reviewing the requirement and related actions.
All notes are then also summarized on the audit's main documentation card.
You can now also select the review interval "No review" for the guidelines you choose. These guidelines are then not included in the normal review cycle of guidelines.
You can use this selection e.g. for guidelines that are relevant only in the onboarding phase.
We improved usability in e.g. the "linked participants" selects and numerous other places.
We also further improved how your table sortings / filters / pages are saved.
Let us know about any annoying small things to fix - we're committed to implementing the fixes fast.
We made improvements to Cyberday Academy and will keep producing more content there regularly. More videos, blogs and help content to assist you in getting the most out of Cyberday!
Embed reports now support accessible keyboard navigation to the appropriate part of the report. In the future, we will try to prioritize and study other accessibility improvements as well.
You can now also print out these reports for e.g. archiving, with a print view that shows all the details on one page - without navigation.
We introduced a couple of improvements to compliance reports.
We renewed the Reporting main page in Cyberday.
The goal was to group different kinds of reports more clearly, as we've been adding and will keep adding many different kinds of reports to Cyberday. We also display covers which already give an idea about the report contents.
We're going to be doing more reporting-related development in the near future. 👍
You can now create a report collection from the renewed Reporting page.
When you create a report collection, these reports will be displayed on a separate tab (in the web client). In Teams, the way to do the same thing is to add the Cyberday app to a team.
Report collections can be used to e.g. gather together important reports to share with your auditor or top management, without granting them more extensive rights to the ISMS.