Overview of the CyberCompliance KPI
Learn more about how your CyberCompliance is determined
Your CyberCompliance is a powerful indicator of how well you are managing your organisation's cyber security.
Unlike your CyberScore (how strong your current cyber security posture is) and your CyberThreat Level (how likely you are to experience a cyber-attack, based on correlated data from your security tools), your CyberCompliance is concerned with Information Security Governance, Risk and Compliance (GRC).
Whilst technology and tools are an essential part of protecting your organisation from cyber-attack, a strong and diligent approach to managing your cyber security is essential to identifying and controlling your risks, preparing to respond to and recover from a cyber-attack, and ensuring alignment between your IT/Cyber security teams and the Board of Directors of the business.
We believe transparency is essential, so we provide you with the drilldown so you can understand how your CyberCompliance score has been derived.
How do I read my CyberCompliance?
Quantitative – your actual score is represented as a single number between 0 and 100, so you know exactly what your score is – no fluffy stuff for you to learn before understanding what your CyberScore is.
Graded Scores – having a number attributed to your CyberCompliance is helpful, but it doesn’t mean much when there are so many factors which contribute to your specific score. With our graded score system, HighGround shows you what you are doing well, where you can improve, and where you are lacking entirely.
Click to see more:
Clicking on the CyberCompliance box on your dashboard will open a detailed breakdown of your CyberCompliance Score, with columns containing the following information:
- Compliance Component: the type of Compliance Documentation
- Impact on Score: the number of points added to your CyberCompliance score as a result of this Compliance Component
- Running Score: your ComplianceScore at the time the points for that Compliance Component were added
- Details: the reason for that component's impact on your CyberCompliance score
Next to each individual Compliance Component is a Compliance Status, which indicates the impact that component is having on your CyberCompliance Score. A green icon indicates a 'healthy' state, whilst an orange icon indicates a 'warning' state, and a red icon indicates a 'critical' state. You can read more about these statuses in our Compliance Statuses section.
In the left-hand column, you can see the individual factors within that component that are contributing to your CyberCompliance score. Any 'warning' or 'critical' state factors will contain a suggestion for how to improve your CyberCompliance underneath.
How do I Drive my CyberCompliance?
By utilizing our vast array of free resources and/or using your own, the Compliance Manager gives you the best possible start to improving or recording your cyber security compliance.
With powerful features, from uploading your policies, procedures, and plans, through reviewing and auditing your plans and procedures, to running annual cyber reviews with your board, HighGround packs an enormous punch when it comes to managing your cyber security. Perhaps most important of all is giving you something to manage, as most organisations are so overwhelmed by the plethora of information available that they simply don’t make a start at all. Concentrate on ‘making it green’ and you won’t stray too far wrong!
What affects my CyberCompliance?
There are many elements that can impact your CyberCompliance. These are the main ones:
- Lack of attention to compliance – such as missing Incident Response Plans, BCDR Plans and Information Security Policies.
- Failing to comply with best practices and international standards such as UK Cyber Essentials.
- Failing to identify your current cyber security posture, and thus your risks, by performing regular Risk Assessments.
- Failing to perform regular cyber security reviews with your Board of Directors. Cyber Security must not only be discussed at the highest level of your organisation, it must be aligned with the direction of the business to ensure protection from the risks it faces.
How do I maintain awareness of my CyberCompliance?
It is essential that you are continually aware of your CyberCompliance and any changes to it. That’s why we make it easy for you to get on with your many other priorities safe in the knowledge that when something changes, we will let you know.
You have 4 options for staying up to date with your CyberCompliance:
- WebApp – you can log in to highground.io and check your cyber security at any time.
- Mobile App – you can open the HighGround app on your phone or tablet at any time.
- Push Notifications – when your CyberScore changes, you will be notified in alignment with your notification preferences, defined by both your organisation's global administrator and yourself.
- Cyber Reports – configure email reports on a regular basis or log in to the WebApp and send them manually. Note: only accounts with a Pro subscription can schedule their cyber reports – Freemium users must log in at highground.io and send these manually.