hm.works 1.9 released with 35 cyber standards analyzed, 2000 controls statements normalized into 413 controls, mapped to 18 control frameworks
* * *
Since its first release on 13 March 2023, the Human Managed web app hm.works has been getting fresh updates every single week.
The intel on your assets, their posture & behavior isn't isolated databases. It's what provides your unique business context for use cases that matter to your ops, like prioritizing phishing or denial of service detections on your critical assets that impact your customers.
Data on your assets, their posture and behaviors only mean something for your business when 🔗relationships🔗 are established between them and that intel is applied to a scenario.
Today, we are excited to apply your unique intel through...
cyber posture scorecard 🍩
An interactive matrix that presents your entire organization's cybersecurity maturity mapped to 18 Frameworks that establishes the relationships between:
- your enterprise goals,
- their risk tolerance, and
- existing controls on your assets
In this release we’ll focus on the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover
The cyber posture scorecard answers the top 3 things you need to know about your enterprise cyber maturity:
- How mature is my organization's ability to identify, protect, detect, respond, recover from cyber threats?
- What controls should I implement to defend my assets?
- Where are the biggest gaps between my preferred posture state and current posture state?
Before we dive in to the details,
What is NIST and why is it important?
There are multiple standards and frameworks covering different scope or focus areas for securing an organization and each of them are very different in the advice they give.
These different advices most often point to common topics such as governance, technical, software development, physical, industrial, IaaS, PaaS, SaaS & SMB
NIST (National Institute of Standards and Technology) partnered with private sector and held a series of town hall meetings and determined the standards that are included in its cybersecurity framework (CSF). It used the following standard as its foundation: CIS Controls, NIST SP 800-53, ISO 27002:2013 and COBIT addressing the five core areas of Cyber: Identify, Protect, Detect, Respond, Recover.
Today, the NIST CSF is widely recognized as an industry best practice framework for any business to manage cyber risk and control threats.
* * *
Let's explore each segment of the cyber posture scorecard.
cyber posture scorecard
- What: This matrix of 'donut' charts reports your organization's current cyber posture against target posture by each NIST function and asset type (user, network, device, app, api, compute, storage) as a percentage.
- Why: Understand your organization's current state and act to close the gaps in (1) identifying risks; (2) protecting assets; (3) detecting suspicious behaviour; (4) responding to threats; and, (5) recovering from compromise (as per the NIST functions)
- 📝Here, your User asset type's Identify function's score is 25%, putting this score's RAG status as Red. The bold red bar is the current state, filled out of the bar with reduced opacity, which represents your organization's target for this metric (80% in in this case). The dotted blue line outlining the reduced opacity area is the gap between target and current (blue filled triangle points to the percentage that has completed, and the outlined triangle points to the target percentage.)
* * *
How are these numbers calculated?
Click on any of the donut charts to view the score break down resulting from our analysis of 35 cyber standards and normalized 2000 controls statements into 413 controls.
These controls are mapped 18 control frameworks. Each controls have a definition, a measure, a metric and maturity, all listed on:
- What: This interactive grid breaks down your organization's current cyber posture based on:
- control description
- control measure
- control threshold (metric of 6 levels)
- control maturity score (based on policy, implementation, operations)
- Why: Understand and explore your current state of cyber posture in detail (e.g. group and filter by asset type, control system, or control categories), identify blockers, and plan for improvements to achieve desired cyber risk management goals.
* * *
And there it is, the cyber posture scorecard that measures the gap between your current and target state of cyber maturity.
All of this is done on-demand through analyzing your data, or more precisely, analyzing the relationships and interactions between data of:
- 🔗 your unique context: digital assets, controls enabled and detected on your assets, tracked process on control policies, implementations, and operations.
- 🔗 industry frameworks: control functions, control measures, key risk indicators, latest standards
* * *
And that is hm.works 1.9! We will be releasing more features and updates regularly, so stay tuned.
To get the latest news from Human Managed, follow us on LinkedIn and check out our blog.
* * *
Want to discuss how we can help solve your cyber, digital, or risk operations through data?
Want a test run of the hm.works app?
Have any questions or feedback?
Please contact us at email@example.com.