Cyber Risk Analysis
The Cyber Risk Analysis Report aggregates risk analysis from multiple assessments performed on the network, providing you with both a Cyber Risk Score and a high-level overview of the health and security of the network. This includes a summary of individual issues, as well as their severity and weighting within the risk analysis. At the end of the report, you can find a summary of the assets discovered on the network, in addition to other useful information organized by assessment type.
Cyber Risk Management PlanThe Management Plan ranks individual issues based upon their potential risk to the network while providing guidance on which issues to address by priority. Fixing issues with lower Risk Scores will not lower the Overall Risk Score, but will reduce the global Issue Score. To mitigate global risk and improve the health of the network, address issues with higher Risk Scores first.
External Vulnerability Scan Detail by Issue ReportA more compact version of the External Vulnerability Scan Detail report that is organized by issues. Devices that are affected are listed within an issue type. This report is useful for technicians that are looking to resolve specific issues identified within the environment, rather than performing remediation on a particular system.
Network Assessment Full Detail ReportThis report provides comprehensive documentation of the current configuration and use of the network. The report shows assets in high-level views, allowing you to easily get an overall assessment of the entire network. Discovered issues are highlighted, making it easy to spot individual problems
Compensating Control WorksheetThe report is used present the details associated with security exceptions and how Compensating Controls will be or have been implemented to enable compliance. Here you can document any false positives. You can also indicate if you have taken measures to reduce or avoid any issues identified in the assessment that might not otherwise appear in your assessment documentation. The benefit of this feature is that it adds back in the human element into the assessment and allows for explanation of special circumstances and specific environment requirements.
Response Verification Reports (AIG Application, AIG Self- Assessment, Axis, BCS, Beazley, Chubb, CNA, Travelers, XL Group)With Cyber Insurance Manager, you can perform insurance assessments based on specific criteria from several different insurance carriers. Depending on the carriers you select, you will be prompted to answer various questions about your overall site and network security. This helps you know exactly how best you can improve your overall security, as well as document your compliance with the security provisions outlined by your insurance carrier. You will receive a Response Verification Report for each insurance carrier you select during the assessment. This documents your responses to the carrier-specific questions.
Cyber Liability QuestionnaireThe Cyber Liability Questionnaire is used to gather information about your organization’s IT Security Policies and Procedures and ongoing sensitive data protection practices. The questions in this document are based on the specific insurance carriers you select during the assessment process.
User Access Review WorksheetThe User Access Review Worksheet enables you to identify each user and to document their status: Employee, Third Party, Former Employee, Former Third Party, Service Account. You can also indicate whether each user has Remote Access. This is important for understanding which users have access to the network — and especially which users have access to sensitive information.
File Scan Selection WorksheetUnderstanding where you have sensitive data (ePHI, Cardholder Data, and PII) is an important component of data protection security. A comprehensive scan should be performed monthly to help identify and document all potential locations for sensitive data. Complete the worksheet to identify systems to run the automated sensitive data file scan on every month.
File Scan Validation WorksheetThis worksheet details each instance of sensitive data discovered on the network. It displays the PC name, IP address, and file path where sensitive data was detected. You can verify whether the information is valid or a false positive.
Anti-virus Verification WorksheetCompliance Manager will automatically detect any anti-virus software installed on PCs on the target network. The Anti-virus Verification Worksheet details whether each endpoint on the network has anti-virus software installed. It also displays the type of anti-virus software.
External Port Use WorksheetUnderstanding where you have ePHI Data is an important component of HIPAA compliance. The Personal Data Scan System Selection Worksheet allows you to specify which systems are scanned for ePHI during the assessment process. A comprehensive scan should be performed annually to help identify and document all potential locations for personal data as defined by HIPAA.
Cyber Risk Assessment Reports
Cyber Risk Analysis Update
The Cyber Risk Analysis Update report lists IT Security risks identified during a Risk Update Assessment that impact the state of network security and Cyber Risk compliance. The Cyber Risk Analysis Update identifies what protections are in place and where there is a need for more.
The Cyber Risk Analysis Update report presents results in a list of items that must be remediated to ensure the security and confidentiality of sensitive or confidential information at rest and/or during its transmission.
Cyber Risk Change Summary Report
Every time you use Cyber Risk Manager to run a Cyber Risk Update assessment on a given network, the Cyber Risk Manager generates the Cyber Risk Change Summary report.
This report compares the results the last Full Cyber Insurance Risk Assessment with the Risk Update Assessment’s network scan, local computer scan(s), and external vulnerability scan results performed during the Risk Update Assessment process.
This report details changes in the network’s User Accounts, Local Computer Accounts, Active Directory (A/D) Computers, Non-A/D Computers, Non-A/D Devices, External Vulnerabilities, along with a Windows computer Patch Summary.
Cyber Risk Management Plan Update
Based on the findings in the Cyber Risk Update Assessment, the organization must create a Cyber Risk Management Plan with tasks required to minimize, avoid, or respond to identified risks to IT security and regulatory compliance.
The Cyber Risk Management Plan Update contains a list of tasks that can be executed to mitigate identified IT Security risks.