Cyber Risk Management

• Cyber Security Risk Management
• Supply Chain Risk Management

Cyber Security Risk Management

Overview:

Cyber Security Risk Management is a systematic approach to identifying, assessing, and mitigating risks associated with cybersecurity threats. It involves recognizing potential vulnerabilities and threats, evaluating their impact and likelihood, and prioritizing them based on their significance. Strategies are then developed and implemented to reduce or manage these risks, including technical solutions, policies, and procedures. Continuous monitoring and regular reviews ensure that risk management efforts remain effective and adapt to the evolving threat landscape, thereby protecting an organization's information assets and maintaining business continuity.

---

Navigate to the module:

• Click on the menu icon to show all the different modules

• Under Cyber Assessment, click on Cyber Security Risk Management
  

---

How to Register an Identified Risk:

From the main dashboard page, select "Risk Assessment" from the side panel, and then click on "Register Identified Risk."

• From here choose whether the risk is a Critical Core Business Function (CBF), non-critical CBF, or Both Critical and Non-Critical CBF.

• Once the information is filled on, click next.

• Once all these information have been filled out, that means you have successfully identified a risk. This would then be show on the risk assessment dashboard.

---

Task Management Dashboard:

The task management dashboard is a central tool for organizing, tracking, and prioritizing tasks within a project or team, offering a visual overview of deadlines, task statuses, and assigned team members. It often includes features like lists or Gantt charts to facilitate efficient planning and workflow management. When integrated with a risk management module, the dashboard allows users to link specific tasks to identified risks, monitor the implementation of risk mitigation strategies, and track progress on risk-related actions. This integration ensures that risk management activities are effectively managed and aligned with overall project goals, helping teams address potential issues proactively and maintain project timelines.

---

How to add a task:

• In the task management dashboard, find the "Create Task" button on the right-hand side, indicated by the red arrow. Click this button to open a modal where you can enter details about the new task. After filling out the necessary information, click "Save" to create the task. The newly created task will then appear on the dashboard, complete with all relevant details and its corresponding Gantt chart representation.

Risk Management Dashboard:

Risk management in cyber risk management involves identifying, assessing, and prioritizing potential threats to an organization's information systems and data. This process includes evaluating the likelihood and impact of various risks, implementing controls to mitigate those risks, and continuously monitoring and adjusting strategies as threats evolve. A risk repository plays a crucial role in this framework by serving as a centralized database where all identified risks, their assessments, mitigation measures, and status updates are documented. This repository enables organizations to maintain a comprehensive view of their risk landscape, track the effectiveness of their risk management strategies, and ensure that risk information is accessible for informed decision-making and compliance purposes.

To access the timeline, files, and comment for a specific risk, click on any values on the risk repository to view more information.

---

Dashboard:

• Provides an overview of the organization's current risk status.

---

Risk Score:

• Represents the overall risk level of the company.

• Clicking on the risk score provides a detailed breakdown of severity levels.

---

Summary of Findings:

• Provides insights into how the country prevents, withstands, and recovers from cyber-attacks.

• Click on view all to access more details about the summary of findings

---

Risk Posture of your organization:

• Presents the risk posture of the organization, including risks that are mitigated, transferred, avoided, or accepted.

---

Overall Impact Breakdown:

• Illustrates how the organization handles identified risks.

Click on any of the different impacts to view more details.

---

CRAMTM Live View:

• Offers a dynamic presentation of the organization's structure:
• The center represents the organization.
• Three surrounding circles depict Critical Business Processes.
• Connected circles represent Critical Business Functions.
• Other nodes represent business vectors.

Click on any of the surrounding nodes to view more details

---

Overall Probability Breakdown:

• Provides information on the likelihood of identified events occurring within the organization.

Each point on the chart illustrates various factors that influence the probability of cyber risk. To view detailed information about them, click on any point on the chart.

---

Asset Identification:

CRAM™ (Cyber Risk Assessment and Management) building blocks form a comprehensive framework for addressing cyber risks. They include Risk Identification to recognize potential threats and vulnerabilities, Risk Assessment to evaluate and prioritize these risks based on impact and likelihood, Risk Mitigation to develop strategies and controls to reduce or eliminate risks, Risk Monitoring to track the effectiveness of these strategies and adapt to evolving threats, Risk Communication to ensure that information about risks and mitigation efforts is clearly conveyed across the organization, and Risk Governance to oversee and manage the overall risk management process. Together, these components provide a structured approach to effectively manage and mitigate cyber risks.

---

Geo Location:

A geographic map incorporating metrics like Market Vulnerability Level, Market Threat Level, Market Impact Level, and Market Cyber Resiliency offers a visual representation of cyber risks across different regions or markets. This map helps organizations identify areas with high susceptibility to threats, understand the intensity of cyber threats in various locations, evaluate the potential impact of cyber incidents, and gauge the resilience of different markets in responding to and recovering from attacks. By visualizing these factors, the map aids in prioritizing risk management efforts, allocating resources effectively, and tailoring strategies to address specific regional needs and vulnerabilities.

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.

Supply Chain Risk Management

Overview

The dashboard provides with an overview of vendor and supply chain risks. It features a supply chain risk score, vendor comparisons, vendor assessments, and vendor categorization. This information enables informed decision-making regarding vendor relationships, and overall supply chain risks.

User Manual

Navigating to Supply Chain Risk Management Module

To navigate to the Supply Chain Risk Module.

• Go to Cyber Assesment.
• Then Click the Supply Chain Risk Management (SCRM).

Vendors Tab

 To view the Vendors tab, click the arrow button then click the "Vendors" tab.

Onboarding a New Vendor

To Onboard a new vendor, you can do that by clicking the "Onboarding" tab, then click "Onboard New Vendor" button.

After clicking the button, a form will show asking for the details of a vendor.
Required Fields:
      - Vendor Name
      - Vendor's Relationship
      - Vendor's Main Office Location
      - Vendor's Industry
      - Company Logo
      - Description

After clicking the "Next" button, a new form will show asking for the Vendor's Main Contact.
Required Fields:
      - First Name
      - Last Name
      - Email Address
      - Phone Address

After finishing the form, the vendor you have added will show in the "To be Classified" tab in the Vendor section.

If you wish to proceed by classifying a vendor, then click the "Classify" button located at the bottom right of the specific vendor that you've added.

Supply Chain Classification: Upon clicking the classify button in the "To Be Classified" tab, a form will appear designed to gather information about a vendor. The form is designed to gather information about a vendor to classify them based on their criticality and spend within the supply chain. This classification will help determine the appropriate level of management and oversight for the vendor relationship.

After submitting the form, the results will show in the "To be Assessed" tab.

• Supply Chain Assessment: Upon clicking the start button in the "To be assessed" tab, you will be prompted to choose one of the "7 Pillars of Assessment" to start evaluating. As you complete the assessment for each pillar, you can expect the progress bars to update, visually indicating how much of the overall assessment is done.After completing the assessment you can click the "Submit" button below to save the changes. Then you can view the calculated assessment risks after that.
  

  

The results will be shown in the Dashboard It offers a summary of risks related to vendors and the supply chain. It includes a risk score for the supply chain, comparisons between vendors, evaluations of vendors, and categorization of vendors. This data supports better decision-making about vendor partnerships and overall supply chain risks.

Vendor Profile: Upon clicking the "View Profile" button in the Onboarded Vendors tab, a page will pop-up and provides a summary of a vendor's classification and assessment within your organization. It helps visualize the vendor's strategic importance and potential risks, guiding appropriate management and oversight.

Dashboard Components

• Overall Supply Chain Risk Score Component: This gauge provides a comprehensive view of the total risk score associated with your current vendors, offering insight into the overall risk exposure within your supply chain.

• New Vendors Component: Two-line graphs track the influx of new vendors. The blue line depicts the number of newly onboarded vendors for the current week, while the gray line reflects data from the previous week, aiding in trend analysis and risk assessment.

• Critical Vendors and Most Spent Vendors: This section highlights the vendors deemed most critical based on their risk score and ranks the vendors by expenditure, allowing you to prioritize risk mitigation efforts and expenditure management effectively.

• Risk by Each Vendor: Vendor risk is ranked from high to low, enabling you to identify and prioritize risk management strategies for individual vendors based on their risk profile.

• Overall Vendors Classification Quad: This component visualizes vendors across four classification quadrants—Operational, Strategic, Commodity, and Tactical—providing a comprehensive view of vendor distribution and classification, aiding in strategic decision-making.

• Vendors: This section includes three tabs—Onboarded Vendors, To Be Classified, and To Be Assessed—facilitating organized vendor management. While only three vendor cards are displayed due to space constraints, a carousel button allows for seamless navigation and access to additional vendor information.

Current Vendors:

• Onboarded Vendors: This tab displays vendors that are currently integrated into your supply chain, providing crucial details such as vendor name, classification, risk score, and expenditure. Organized and classified, this information enables efficient monitoring and management of existing vendor relationships.

• To Be Classified: Vendors in this tab are awaiting classification based on their criticality, risk level, and strategic importance. By prioritizing classification efforts, you can ensure that vendors receive appropriate risk management measures and strategic alignment within your supply chain.

• To Be Assessed: This tab identifies vendors that require thorough assessment to evaluate their risk profile and compliance with organizational standards and requirements. Assessing these vendors enables you to mitigate potential risks and ensure regulatory compliance across your supply chain network.

With these tabs, you can systematically manage your vendor ecosystem, from onboarding and classification to ongoing assessment and risk mitigation, fostering resilience and integrity within your supply chain operations.

• Navigator: This component provides a quick overview of the distribution of items or data across different categories.

• Delete a vendor: You can delete a vendor by clicking the button at the upper right corner. 

• Search: You can also search a vendor by using the search bar.

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.