Guide to the Annual Cyber Review Module
How to Perform a Cyber Review with your Board using HighGround
Table of Contents
Why Perform Annual Cyber Reviews?View your Annual Cyber Reviews:Annual Cyber Review Status'How to Perform an Annual Cyber Review with HighGround:Why Perform Annual Cyber Reviews?
Cyber Reviews are essential to maintaining alignment between the organisations operational plans, strategic objectives and the cyber security of the organisation whilst executing on them. Meeting with your Board members regularly (and no more than annually) to review the organisations current security posture in respect to the organisations future plans and strategic objectives will ensure you are not only keeping them informed, but are ensuring cyber security is being tied back the direction of the organisation and keeping it relevant.
View your Annual Cyber Reviews:
At the bottom of the Annual Cyber Review module you can view your previous Annual Cyber Reviews:
In the columns you can see the following information:
- Date of Review: the date that the Annual Cyber Review was performed.
- Expiry Date: the date that the Annual Cyber Review will expire - this will be a year after it was performed.
-
Type:
- Default: the Annual Cyber Review has not been modified from the default questions.
- Custom: the questions in the Annual Cyber Review have been modified, and/or new questions have been added.
-
Status: whether the Annual Cyber Review was Completed or is Incomplete.
- Attendees: the names of the people who were present at the meeting.
Understanding your Annual Cyber Review Status'
In order to stay up-to-date and aware of your cyber security posture, you should conduct a Cyber Review at least every year and more often if you can. The Compliance Status' are designed with this in mind, and will keep you informed on your continual progress with this.
To learn more about what your status means, choose the matching icon from the tabs below:
Status' in a default state appear as a blue cross, and indicate that you have never conducted an Annual Cyber Review.
DeleteStatus' in a healthy state appear with a green tick, and the word Complete.
- This status indicates that you have completed an Annual Cyber Review within the last 9 months.
Status' in a warning state will show with an orange exclamation mark with a status of Due for Review.
- This status indicates that you should conduct an Annual Cyber Review within the next 3 months.
Status' in a critical state appear as a red exclamation mark with a status of Incomplete or Expired.
Incomplete:
- This status indicates that you have started, but not completed, an Annual Cyber Review within the last year.
Expired:
- This status indicates that your last Cyber Review was conducted over a year ago.
How to Perform an Annual Cyber Review with HighGround:
Navigating Reviews in HighGround:
At the side of the review window is a progress section. Here you can see the various sections of the review, which sections you have completed, which are incomplete, and which are yet to be viewed:
- Progress bar: indicates how much of the audit/review you have completed.
- Blue circle: indicates a section which has not been started yet.
- Orange tick: indicates the section has been started but is incomplete. This will occur if you leave a section without completing all questions.
- Green tick: indicates all questions have been answered in this section.
Additionally, you can click on any of the sections to quickly navigate to that stage of the review.
STEP 1: Click the Perform Cyber Review Button
To start a Cyber Review, click the Perform Cyber Review button located at the top-right of the module window:
STEP 2: Enter Review Details
You will now see a window containing the first section of the Annual Cyber Review.
There are four sections in total:
- Cyber Review Details: date, location, attendee details etc.
- Cyber Review Agenda: the schedule and objectives for the Annual Cyber Review.
- Actions: any agreed actions which have been decided upon whilst performing the Annual Cyber Review.
- Summary: a discussion of the findings and recommendations learned from the Annual Cyber Review.
In this window can enter the following details of the Review:
- Date and Time of Review: the data and time that the Annual Cyber Review is being held.
- Location: the place where the Annual Cyber Review is being held.
- Attendees: the people present at the Annual Cyber Review.
- Meeting Chair: the chair of the Annual Cyber Review.
- Minute Taker: the person recording the minutes at the Annual Cyber Review.
After entering those details, click Next.
STEP 3: Perform the Review
Now you have entered the Review details, you will need to go through the Agenda And Actions sections of the Annual Cyber Review. For these sections, read through each question or statement carefully and perform any actions/checks required to complete them.
Once they are completed, toggle the slider below them to on (blue). You may also want to add notes to any of these questions/statements. You can do so by typing in the notes box below the toggle slider.
After reaching the end of a section, click to the Next button to progress to the next stage:
How do I add a Question?
To add a question to the Cyber Review, click the Add Question button towards the top-right of the window:
This will open a window where you can write your question, and decide the answer type (options include a Note Field, Yes/No box, or Date/Time selector).
After forming the question, click Add Question to add it to your Annual Cyber Review.
When you have completed the Details, Agenda and Actions sections, you will arrive at a Summary page. Here you can view your completed Annual Cyber Review, including its outcomes at the bottom:
And that's it! You've successfully performed your Annual Cyber Review.
Edit Annual Cyber Review
Click on the Annual Cyber Review, then click the Edit button located towards the top-right of the window:
This will take you through the sections of the Annual Cyber Review again, where you can edit any of the individual questions/statements by clicking the pencil icon to change the wording of the question, or the bin icon to delete that question altogether:
Delete Annual Cyber Review
To delete your Annual Cyber Review, click the three dots next to it and select the Delete option:
Delete