How It Works

Establishing Your myCYPR Score

Solution

Every organization has a unique profile, risk management needs and budget. The myCYPR solution is a flexible cyber risk management platform meeting your unique requirements. Build your cyber risk program by selecting the modules appropriate for you.

Build your program and establish your myCYPR score. Select one module which is appropriate for you or create a custom program mixing data modules to match budget, risk profiles or for multiple third party vendors.

Or see it in action through this case study.

A Key Differentiator

Build a COMPLETE Program Based on Your Risk Management Requirements

The myCYPR cybersecurity ratings platform provides multiple levels of data collection based on budget and risk requirements. If an organization wanted to self evaluate to meet compliance goals or identify risk which should be remediated to protect their data and brand, they could choose the myCYPR OPSEC | Assess module.

Your organization may also want to manage the risk presented through the relationship and interactions with vendors. Not every vendor presents the same risk however, and the myCYPR platform provides the ability to build the program which evaluates risk based on varying collected data so that you can decide how to manage your vendor risk. Budget may drive this decision or maybe the level of risk created through a varying level of data and systems interaction. So if you had ten vendors, you could have the two which interact with your most sensitive data complete a myCYPR OPSEC | Assess module and the others just receive a myCYPR OSINT | Auto module. All will receive the myCYPR score weighted against the data set selected. Your myCYPR dashboard would indicate everyone’s current rating allowing you to manage your COMPLETE risk profile easily in one location.

OPSEC | Assess

Provides Significant Value

A full myCYPR risk rating includes an in-depth compliance assessment including gap analysis mappings to the NIST Cybersecurity Framework and the Center for Internet Security’s Twenty Critical Security Controls by default, a comprehensive internal and external Vulnerability Assessment, an Application Risk Assessment and detailed remediation recommendations.

Next Generation Security Assessment

More Info

Identify the cybersecurity risk in your environment firstly through a detailed analysis and inspection of the technical vulnerabilities present on all internal and external IP addresses in the network. The second element performs a detailed review of the cybersecurity posture and program through an extensive 25 point review based on common cybersecurity controls from public cybersecurity standard such as NIST CSF and CIS CSC. Finally the security assessment is extended with a detailed enumeration of all applications in use within the organization, Commercial-off-the-shelf applications as well as custom developed applications and cloud based applications. Each is enumerated and evaluated against several criteria determining their risk to the organzation.

All of this analysis and data collection provides the data set used in determining a very accurate myCYPR OPSEC | Assess risk score. Several thousand data points are gathered and analyized over a few week period.

The deliverable will present findings, ratings, and detailed recommendations in a digital report as well as through a next generation dynamic online platform. This allows the user multiple ways to interact with the data and digest the recommendations in a manageable way. It also provide a mean to report current state after the assessment to management or a third-party partner.

Complaince Management

More Info

Mappings to the the NIST Cybersecurity Framework (NIST CSF) and The Center for Internet Security’s Twenty Crictical Security Controls (CIS CSC) standards will be provided by default. Additional mappings to cybersecurity regulations or standards are also available at an additional investment, such as ISO 27001, HIPAA, CMMC, to name a few.

myCYPR also provides a dashboard ready to manage your level of compliance. The dashboard will provide current state of compliance, identify the gap and allow you to manage and prioritize remediation according to risk impact and budget.

Third-Party Vendor Risk Management

More Info

Your business partners which have access to or manage your organizations critical and sensitive data can be a significant risk to your brand and operation. Many of the most talked about large breaches over the past few years have been through third-party relationships. Having an ability to gather more visibility in to this risk is important as is taking this visibility past just historical open source intelligence.

That’s why so much of the industry has resorted to internally managed self-assessment questionairre’s. This has unfortunately resulted in the growth of a new team dedicated to gathering and interpreting the questioinaire results. Why take on that responsibility yourself? What if the partner does not understand the question and answers inaccurately?

myCYPR provides a platform where you can choose which data set is appropriate for the risk the thrid-party present to your operation and most importantly the OPSEC | Assess provides very detailed actionable recommendation to remediate any issues identified.

OPSEC | SAQ

Cost Efficient & Moderate Accuracy

This myCYPR data set is comprised of all the data collected in the OSINT | Auto data set as well as the addition of a Self-Assessment Questionairre (SAQ) gathering specific current state information from the target organization. This SAQ is reasonable in size and focuses on 25 key areas of cybersecurity posture enumerated from several common standards for cybersecurity such as the NIST Cybercesurity Framework and the Center for Internet Security’s Twenty Critical Security Controls among others.

Self-Assessment Questionnaire

More Info
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Open Source Intelligence

More Info
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Third-Party Vendor Risk Management

More Info
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

OSINT | Auto

Inexpensive Indicator of Risk

The myCYPR risk rating suited for an inexpensive quick view into possible indicators of risk utilizing open source intelligence. This data set produces a rating which is simular to others in the market but plays a role in a larger program scoring organizations which have a low risk profile or do not contain sensitive data.

Open Source Intelligence

More Info
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Automated and Fast

More Info
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

High-Level Risk Indicator

More Info
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Internal, Third-Party, M&A;  a score for everyone.

Solutions for every organization in every market.

Contact