Once the subscription documentation has been returned to nCybr Inc, the users are loaded and each is assigned a username. Each User is sent a confirmation email stating that they have been loaded.
The log in domain is: https://www.ncyrisk.com
Click on “Login”
When logging in for the first time, click on “Reset Password”.
The system will prompt for the “User Name” as well as the “Email Address”. If these match what is recorded in the system, an email is sent to the User with a link to set their own Password.
The menu bar runs along the top of the Product. Clicking a menu item opens its respective functionality.
DEFINE:
“Define Assets” – The IT Assets are refined to reflect those of the organisation.
“Threat Environment” – The Inherent Threats can be refined to reflect the Industry of the Organisation
“Define Compliance Report” – The details are customised for inclusion in the “compliance report”
CONTROLS ASSESSMENT:
“Directory” – The full listing by Category and Sub-Category of Controls
“Control Assessment” – The existence and application of the control is ‘self-assessed’.
DASHBOARD:
Overview of Completeness of review, highest Risks, highest Threats, and next recommended Remediation Controls
REVIEW:
The capability to review Lists of Risk, Threats & Remediation Controls
REPORTS:
Compliance Reports that are Standards based (ISO 27002, NIST 800-53, NIST CSF, CIS)
Remediation Controls based on a Standard
Controls Commentary
Report of Remediation action steps
EXPLANATORY NOTE
OPTION:
The Client can opt to first review “Primary Controls” ahead of also reviewing “Secondary Controls”. The Organisation would seek to prioritise implementing all Primary Controls first.
By having completed a Controls Review, and by the Controls being mapped to Cyber Security Standards (NIST, ISO27002, CSF or CIS), a related Compliance Report can be drawn per Standard.
By clicking on the tab “Reports” the dropdown reflects the Standards that can be reported on.
By clicking on the respective Standard, nCyRisk presents a compliance table of the Controls “Applied”, “Partially Applied” or “Not Applied”.
The table is an analysis of the application of controls. Improvement entails continually remediating Controls so that they move from the “Partially Applied” and “Not Applied” columns to the “Applied” column. The intelligence sought would be “What is the next best Control to remediate per Standard Category?”
By clicking on the tab “Reports” and selecting “Compliance Remediation Report”, nCyRisk produces a report of the next recommended Control to be considered for Remediation by Category.
The Standard is selected from a dropdown ‘Framework’. Once selected click ‘View Report’.
The number before the Control description is the Control's ranking under that Category of the Standard, i.e. “1” means that it is the highest ranked Control under that Category.
The Compliance Report provides assurance by showing the extent to which Controls have been applied in relation to the required Standard. The Report is customised per client.
Click on the tab “Define” and select “Define Compliance Report”
Click “Update” to update the Compliance Report.
To produce the Report, click the tab “Reports” and select the Compliance Standard from the dropdown.
Click on the dropdown “Save” button and select the PDF to create a printable version.