What is your cyber risk score?
Quickly evaluate real and residual risk of your information system. Track your compliance evolution to the market security standards. Analyze cyber attack effects on your company network and set up an efficient action plan.
Key Risk Indicators
Key Risk Indicators (KRI) answer to the metric setting up under ISO 27 00X certification or other security standards. In addition, they are vital to the Chief Information Security Officer (CISO) to meet their daily and operational needs of reporting.
Their main benefits are to facilitate interaction between the CISO and the C-Suite thanks to comprehensive indicators and to allow prioritizing security teams interventions as well. The immediate effect is real risk reduction of the information system and therefore the stored data.
To establish company cyber risk scoring, SecludIT relies to 3 security standards:
⇒ The French Authority on Security of Information System (ANSSI);
⇒ The Open Web Application Security Project (OWASP);
⇒ The Payment Card Industry Data Security Standard (PCI DSS).
ANSSI Risk Scoring
The effect of each vulnerability is defined by 5 risk indicators from ANSSI.
These indicators have been introduced on the recommendations of the ANSSI hygiene guide and they place the protection of the Data (Integrity/Availability/Privacy) as a key component of the metrics.
OWASP Top 10 Risk Scoring
The impact of each vulnerability is highlighted on 10 categories of the most widespread and important web applications breaches according to an industrial group and web application security professionals: OWASP.
The OWASP-TOP 10 defines a list of the ten most critical Web application security issues. This ranking has become the reference in the field of web security: it is cited by many audits and security organizations (DoD, PCI Security Standard).
PCI-DSS Risk Scoring
The impact of each vulnerability is analyzed and compared to the PCI-DSS validation criteria.
PCI DSS compliance ensures the control points are implemented and they are effective for protecting credit card data. These control points are extended to the protection of the entire company data too.
Risk Scoring History
You can follow your company cyber risk level in real time.
For each security standard (ANSSI, OWASP and PCI-DSS) the risk level is updated automatically after each modification or new detected threat. KRI are needed to monitor your operational compliance level. To better prepare your meetings, all this data is downloadable and available in an electronic file in PDF format.