1. Welcome to CSFaaS
1. Welcome to our Platform
2. What is CSFaaS
3. Purpose of CSFaaS
4. Key Audience
5. Related Publications
2. Discover CSFaaS
1. Discover your environment
2. Log in to your application
3. Multi-Tenant Setup: Creating and Managing Workspaces
4. Discover your Interface & your Dashboard
1. Overview
2. Choose your language
4. Profile
3. Notifications
5. Discover your settings & configuration
6. Frameworks Manager
7. Policies Manager
8. Controls Manager
9. Risk assessment Demand
10. Risk Registry
11. Remediation Plan Registry
12. Third Parties Manager
13. Systems Manager
14. Form Builder
15. Evidence Manager
16. Changelog Follow-up
17. Analytics and Monitoring
3. CyberSecurity Risk Management - Fundamentals & Guidelines
1. Important Terminology & Key concepts
1. Important Terminology
2. Key risk concepts
3. Risks models
1. Threat
2. Vulnerability
3. Predisposing condition
4. Threat scenarios
5. Likelihood
6. Impact
Overview
4. Risk Exposure
5. Risk Aggregation
6. Risk Appetite & Risk Tolerance
7. Risk Assessment Approaches
8. Analysis Approaches
2. Risk management strategy
Multi Tiered Risk management
Tier 1 - Organisation view
Tier 2 - Mission/Business Process View
Tier 3 - Information System View
International standards alignment
NIST SP 800-39
ISO 31000
NIST 800-39 and ISO alignment for risk management implementation
ISO, NIST & COSO alignment overview
Define Your Risk Management Strategy
CSFaaS Risk Assessment Methodology
3. Guide to Cybersecurity Frameworks
4. Policies
Understanding Information Security Policies
Program Policy
Issue-Specific Policy
System-Specific Policy
5. Requirements and Controls
Requirements
Controls
6. Supply Chain Risk Management
Cybersecurity - Supply Chain Risk Management (C-SCRM)
Supply Chain & Supplier Relationships International standards & Best practices
7. Trust, Trustworthiness & Organizational Culture
Trust & Trustworthiness
Establishing Trust Among Organizations
Trustworthiness of Information Systems
Effects of Organizational Culture on Risk Management
4. Prepare your Organisation
1. Customising CSFaaS for Your Security Maturity
2. Get Top Management Approval
3. Identify Mission and Business to support
4. Assign Risk Management Roles
5. Understanding Risk: Impact, Likelihood and Risk Response
6. Defining Impact Type and Risk Categories
5. Workspace Settings & Configuration
1. General Settings
2. Framing Settings
1. Initial Setup
2. Framing Options
3. Automatic Tailoring Options
3. Catalog Properties Settings
1. Taxonomies, Framework Alignment, and the Importance of Catalog Properties
2. Global Catalogues Settings
3. Module-Specific Catalogues Settings
4. Notifications Settings
5. Billing & Limits Settings
6. Users Settings
7. Roles Settings
8. Workflows Settings
9. SLA (Demands) Settings
6. Prepare your Systems & Key Components
1. System Classification
2. System Management Interface Overview
3. Create a System
4. Document the system
5. Edit, Update or Delete your Systems
6. Advanced Search with Multiple Filtering Options
7. Define & Tailor your Systems settings
8. Examples
7. Manage your Supply Chain
1. Third Parties Management Interface Overview
2. Create a Third Party
3. Document the Third Party
4. Edit, Update or Delete your Third Parties
5. Advanced Search with Multiple Filtering Options
6. Tailoring Third Parties Catalogues to Meet Your Needs
8. Manage your Framework(s)
1. Frameworks Features Overview
2. Define your applicable framework(s)
3. List of Applicable Frameworks
4. Framework Summaries (Alphabetical Order)
AICPA Trust Services Criteria (SOC2)
CCB CyberFundamentals Framework - Small
CCB CyberFundamentals Framework - Basic
CCB CyberFundamentals Framework - Important
CCB CyberFundamentals Framework - Essentials
CCCS – Baseline Controls for SME (v 1.2)
CMMC 2.0 (Cybersecurity Maturity Model Certification v.2)
DORA (Digital Operational Resilience Act)
GDPR (General Data Protection Regulation)
HIPAA (Health Insurance Portability and Accountability Act)
IAPP CIPM (Certified Information Privacy Manager)
ISO 9001:2015
ISO 27001:2022
ISO 42001:2023
NCA CCC (Cloud Cybersecurity Controls)
NCA CSCC Cybersecurity Controls for Critical Infrastructure
NCA DCC (Data Cybersecurity Controls)
NCA ECC (Essential Cybersecurity Controls)
NCA OSMACC (Online Social Media Account Cybersecurity Controls)
NCA OTCC (Operational Technology Cybersecurity Controls)
NCA TCC (Teleworking Cybersecurity Controls)
NIS2 (Network and Information Security Directive 2)
NIST AI 100-1 (Artificial Intelligence Risk Management Framework)
NIST CSF 2.0 (Cybersecurity Framework 2.0)
NIST PF 1.0 (Privacy Framework 1.0)
NIST SP 800-37 (Risk Management Framework)
NIST SP 800-53 rev. 5 (Security and Privacy Controls for Information Systems and Organisations)
NIST SP 1300 (Small Business Information Security: The Fundamentals)
PCI DSS (Payment Card Industry Data Security Standard)
5. Add a framework to your environment
6. Create your own framework(s)
7. Workspace Frameworks
8. Analytics and filtering
9. Domains Management
10. Categories Management
11. Subcategories Management
12. Framework Versioning & Approval Workflow
13. Delete a Framework
9. Manage your Policies
1. Policies Features
2. Import One or More Frameworks
3. Create a Single Policy
4. Analytics and filtering
5. Policies Management
6. Edit your Policy Description
7. Define Policy Contextual Information
8. Multi-Framework Cross-Mapping
9. Categories and Subcategories Management
10. Policy Versioning & Approval Workflow
11. Delete a Policy
10. Manage your Controls
1. Controls Features
2. Set your Control Catalogues
3. Create your controls
4. Reassign Controls to Another Category or Subcategory
5. The 2 ways to edit the controls
6. Set Controls Progression
7. Define Control Properties
8. Link Control to Frameworks
9. Add Evidence to your Control
10. Delete a control
11. Operational Use of the CSFaaS Risk Management Solution
1. Risk process with CSFaaS
2. Risk Management Features
3. Risk Assessment Catalogues and Configuration
4. Risk assessment Demand Filtering Options
5. Demand Workflow Overview
1. Introduction
2. Demand Process without Workflow Enforced
3. Demand Process with Workflow Enforced
4. Risk assessment Demand Workflow Configuration
6. Create a Risk Assessment Demand
1. Risk Assessment Demand Creation
2. Demand initialisation without Workflow Enforcement
3. Demand initialisation with Workflow Enforcement
7. Defining the Risk Context
1. Contextual Information
2. Business Goals and Objectives (BGO)
3. Business Drivers for Security (BDS)
4. Applicable Policies
5. Related Risks
6. Involved Third Parties
7. Involved Systems
8. Risks assessments
SWOT Analysis Overview
The 8 steps methodology overview
Step 1: Add a Risk
Step 2: Define the Risk Profile
Step 3: Assess the Inherent Risk
Step 4: Assess the Current Risk
Step 5: Recommend controls
Step 6: Assess the Target risk
Step 7: Submit for Risk Response
Step 8: Provide a Risk Response
9. Manage Remediation Plans
10. Close a Demand
11. Risk Registry Module
1. Managing Risks
2. Analytics
3. Filtering options
12. Remediation Plan Module
1. Managing Remediation Plans
2. Filtering option
13. Reopen a Demand
12. Manage your Forms with Form Builder
Form Builder features
13. Manage your Evidences
1. Key Features of the CSFaaS Evidence Manager
2. Add Evidence Howto
14. Changelog Tracker
15. Support & Ticketing System
Open and Manage Tickets
16. Conclusion
You are now ready to get a high level of protection