Cyber Security frameworks

We support two primary frameworks to guide your cyber security strategy: CIS (Center for Internet Security) and NIST (National Institute of Standards and Technology).

Levels of CIS:

NIST develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public.

The NIST framework is used by many organizations globally to manage their Cyber Security controls.

We offer a full NIST framework of controls in our system. This enables any organization that needs to be NIST compliant to have a full system with Risk Action Plans for all function / category / sub-category criteria.

Tools

CyberXposure offers a comprehensive suite of tools designed to enhance your organization’s cybersecurity posture. Here’s an overview of our key features:

01_Assessments

Customize assessment frequency—monthly, quarterly, bi-annually, or annually—to fit your organization’s needs. Define your team with appropriate permissions and utilize our assessment templates (CIS 8.0 or NIST). Organize your units—subsidiaries, departments, locations, or other divisions—and initiate your first assessments seamlessly.

02_Assessment Capture

Evaluate each framework control and criterion, set expected scores, and document findings with notes and “Evidence of Activity.” Monitor progress through graphical representations and the dynamically generated Risk Action Plan, enabling prompt action based on recommendations.

03_Management Dashboard

Gain a holistic view of your organization’s cyber-resilience status. Our dashboard provides insights into:

These metrics are essential for reporting progress to organizational leaders.

04_Risk Matrix

Our Risk Matrix evaluates Impact and Likelihood across a 25-block grid, providing a quick visual of control/function positions. Color-coded indicators highlight areas of concern, facilitating swift identification of potential risks. All reports, graphs, and images are exportable for inclusion in external documents.

05_Assessment Dashboard

Analyze individual assessments for each business unit and compare them to previous evaluations. Examine risk distribution, likelihood distribution, function scores, control ratings, and detailed assessment results. Maintain a comprehensive repository of cybersecurity information for each unit by adding notes and “Evidence of Activity.”

06_Risk Action Plan

During assessments, we dynamically generate a Risk Action Plan outlining specific actions required to transition from non-conformance to conformance, prioritized by Key Performance Indicators (KPIs). Unresolved risk areas remain in the risk register, allowing for continuous monitoring and action in subsequent review periods.

By leveraging CyberXposure’s features, your organization can systematically enhance its cybersecurity posture, ensuring a robust defense against evolving threats.

07_3rd Party Risk Management

Easily assess third-party vendors with periodic evaluations based on any framework within the system:

Review, generate action plan, budget, rectify, monitor, review

Easily manage ongoing reviews of Cyber Security in your organisation.

Use the Risk Action Plan to rectify all issues arising.

Monitor your Cyber Security status on an ongoing basis.

Compare business units and their security stance to improve throughout your organization.
