How It Works

Establishing Your myCYPR Score

Solution

Every organization has a unique profile, risk management needs and budget. The myCYPR solution is a flexible cyber risk management platform meeting your unique requirements. Build your cyber risk program by selecting the modules appropriate for you.

Build your program and establish your myCYPR score. Select the one module that is appropriate for you, or create a custom program mixing data modules to match budget, risk profiles or multiple third-party vendors.

Or see it in action through this case study.

A Key Differentiator

Build a COMPLETE Program Based on Your Risk Management Requirements

The myCYPR cybersecurity ratings platform provides multiple levels of data collection based on budget and risk requirements. If an organization wants to self-evaluate to meet compliance goals, or to identify risk which should be remediated to protect its data and brand, it can choose the myCYPR OPSEC | Assess module.

Your organization may also want to manage the risk presented through its relationships and interactions with vendors. Not every vendor presents the same risk, however, and the myCYPR platform lets you build a program which evaluates risk based on varying collected data so that you can decide how to manage your vendor risk. Budget may drive this decision, or the level of risk created by differing levels of data and systems interaction. If you had ten vendors, you could have the two which interact with your most sensitive data complete a myCYPR OPSEC | Assess module while the others just receive a myCYPR OSINT | Auto module. All will receive the myCYPR score weighted against the data set selected. Your myCYPR dashboard would indicate everyone’s current rating, allowing you to manage your COMPLETE risk profile easily in one location.

OPSEC | Assess

Provides Significant Value

A full myCYPR risk rating includes an in-depth compliance assessment including gap analysis mappings to the NIST Cybersecurity Framework and the Center for Internet Security’s Twenty Critical Security Controls by default, a comprehensive internal and external Vulnerability Assessment, an Application Risk Assessment and detailed remediation recommendations.

Next Generation Security Assessment


Identify the cybersecurity risk in your environment, first through a detailed analysis and inspection of the technical vulnerabilities present on all internal and external IP addresses in the network. The second element is a detailed review of the cybersecurity posture and program through an extensive 25 point review based on common cybersecurity controls from public cybersecurity standards such as NIST CSF and CIS CSC. Finally, the security assessment is extended with a detailed enumeration of all applications in use within the organization: commercial off-the-shelf applications as well as custom developed applications and cloud based applications. Each is enumerated and evaluated against several criteria to determine its risk to the organization.

All of this analysis and data collection provides the data set used in determining a very accurate myCYPR OPSEC | Assess risk score. Several thousand data points are gathered and analyzed over a period of a few weeks.

The deliverable will present findings, ratings, and detailed recommendations in a digital report as well as through a next generation dynamic online platform. This allows the user multiple ways to interact with the data and digest the recommendations in a manageable way. It also provides a means to report the current state after the assessment to management or a third-party partner.

Compliance Management


Mappings to the NIST Cybersecurity Framework (NIST CSF) and the Center for Internet Security’s Twenty Critical Security Controls (CIS CSC) standards will be provided by default. Additional mappings to cybersecurity regulations or standards, such as ISO 27001, HIPAA and CMMC, to name a few, are also available at an additional investment.

myCYPR also provides a dashboard ready to manage your level of compliance. The dashboard will provide the current state of compliance, identify the gap and allow you to manage and prioritize remediation according to risk impact and budget.

Third-Party Vendor Risk Management


Your business partners which have access to or manage your organization’s critical and sensitive data can be a significant risk to your brand and operation. Many of the most talked about large breaches over the past few years have been through third-party relationships. Having an ability to gather more visibility into this risk is important, as is taking this visibility past just historical open source intelligence.

That’s why so much of the industry has resorted to internally managed self-assessment questionnaires. This has unfortunately resulted in the growth of a new team dedicated to gathering and interpreting the questionnaire results. Why take on that responsibility yourself? What if the partner does not understand the question and answers inaccurately?

myCYPR provides a platform where you can choose which data set is appropriate for the risk the third party presents to your operation and, most importantly, the OPSEC | Assess module provides very detailed, actionable recommendations to remediate any issues identified.

OPSEC | SAQ

Cost Efficient & Moderate Accuracy

This myCYPR data set comprises all the data collected in the OSINT | Auto data set, with the addition of a Self-Assessment Questionnaire (SAQ) gathering specific current state information from the target organization. This SAQ is reasonable in size and focuses on 25 key areas of cybersecurity posture enumerated from several common standards for cybersecurity such as the NIST Cybersecurity Framework and the Center for Internet Security’s Twenty Critical Security Controls, among others.

Self-Assessment Questionnaire


A Self-Assessment Questionnaire (SAQ) is a method to collect information from your vendor or partner without unreasonable expense. It offers a balance of risk awareness versus cost. The SAQ reviews 99 areas of a cybersecurity maturity profile and is designed to be completed in less than 2 hours. It creates a method to manage the results and compare all your vendors against a common scoring platform. No more interpreting clever responses or managing large amounts of varying responses.

The SAQ simplifies managing the whole process, and your vendors get to use a dashboard of their results to manage their own posture after completing the questionnaire. This gives you an ongoing ability to monitor improvement and gives your vendor a chance to manage their own posture as it evolves.

Flexible and Extensible


Of course, one of the key challenges with any SAQ is validation of the responses. Respondents don’t always invest the time to accurately provide unembellished responses. The myCYPR SAQ provides multiple methods to improve the accuracy and reliability of the SAQ.

1. The respondent can provide several additional layers of risk management response, including recording an acknowledgement of non-compliance while defining a Plan of Action & Milestone (PoAM) for the control objective. This encourages truthfulness and gives the respondent an ability to explain the current state.

2. Up to three different people within the target organization are invited to review or provide input to the SAQ. These roles are the initial data provider, the reviewer and the final attestation to the response selection.

3. The SAQ can be configured to request or require submission of evidence of compliance. This evidence will be manually reviewed by our seasoned team of security consultants, who will accept it or request revisions.

Third-Party Vendor Risk Management


The myCYPR SAQ is a great way to cost effectively establish a view into the risk your vendor relationships are exposing your organization to. It provides accuracy, simplicity and a method for monitored vendor self-improvement.

OSINT | Auto

Inexpensive Indicator of Risk

The myCYPR risk rating suited for an inexpensive, quick view into possible indicators of risk utilizing open source intelligence. This data set produces a rating which is similar to others in the market but plays a role in a larger program, scoring organizations which have a low risk profile or do not contain sensitive data.

Open Source Intelligence


The OSINT | Auto data set provides a fast and high level perspective into an organization’s risk profile. It reviews publicly available cyber risk indicators without interaction from the target.

The data set is built from Open-Source Intelligence (OSINT) relating to cyber hygiene, news, and user behavior. These artifacts are collected through automated collection engines from the target’s infrastructure exposed to the public Internet as well as from the Dark Web.

Automated and Fast


The data set is collected within minutes, not days, providing a quick view into one organization’s risk profile versus another’s. It can be run several times, and even used for ongoing monitoring, providing a historical view of an improving or elevating risk profile.

High-Level Risk Indicator


The use case for this data set is to gather a quick and inexpensive indicator of risk based on publicly available data. The accuracy of the data is based on the artifacts identified.

Internal, Third-Party, M&A; a score for everyone.

Solutions for every organization in every market.
