Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook
Topics
ISO 27001
NIS2
Getting started
Framework management
Product security
Settings & advanced
Trial and subscription
User management
Community
Documentation
Personnel guidelines
Reporting
Task management
GDPR
Internal auditing
Personnel security
Risk management
Working as a partner
Continuous improvement
Team collaboration
Show all topics
Webinars
NIS2: Intro to NIS2 Directive and Cyberday
NIS2: Uppfyll NIS2-kraven med ISO 27001
September's monthly review for Cyberday admins (9/2024)
ISO 27001: Build a cyber security plan, that gets you compliant
Show all webinars
Videos
Asset documentation
Continuously improving your ISMS
Cyberday overall intro
ISO 27001 and certification audit fundamentals
ISO 27001 and personnel awareness
ISO 27001 and risk management
ISO 27001 introduction
NIS2 introduction
Show all videos
Helps
Admins
Documentation
Frameworks
Guideline mgmt
Other features
Partners
Reporting
Setup and integrations
Task mgmt
User management
Show all helps
Blogs
IT and OT Cyber Security: Different Environments, Different Priorities
Cyber Security in Supply Chain Risk Management
Spreadsheet vs. ISMS tool - top 10 reasons why a tool is better than the traditional way
Cyberday Teams app is now available!
5 Efficient Ways for Involving People in Your Security Work
Show all blogs
Content library
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Cyberday.ai
Get started
Login
Academy home
Helps
Calculating risk level in Cyberday

Calculating risk level in Cyberday

Risk evaluation is the step in information security risk management, in which you put the risks in a prioritized order by evaluating their impact and likelihood, and thus figure out the risk level.

Risk automation settings

Risk management can be executed in Cyberday fully manually or by taking advantage of our automations.

You can find the settings for this in Settings -> Risk management: General settings.

If you want to take advantage of Cyberday's automated risk evaluation, enable the risk autopilot.

What is automated risk evaluation?

As you remember from the beginning of this article, the point of risk evaluation is to get the risks in a correctly prioritized order. This should take into account the nature of the threat, but also your current actions and the type of your business and its operating environment.

This is not a simple task, and the automated risk evaluation is in place to assist you.

If you're using automated risk evaluation, the following things will happen automatically:

  • Filling a starting evaluation for each risk (likelihood + impact values) according to expert opinion
  • Adjusting the risk level according to risk control factor

Cyberday will always automatically connect related control tasks to risks, but you can also adjust these connections manually from the risk card.

Details for calculating the risk level

Calculating the risk level is done by multiplying the likelihood x impact. According to your risk autopilot setting, this is then multiplied by the maturity factor of your current controls (0-1) (i.e. risk control factor).

Risk level with risk autopilot

If you keep risk autopilot enabled, the risk level is calculated by likelihood x impact x risk control factor.

Risk control factor is calculated in the following way and is always between 0-1:

  1. Find all control tasks connected to the risk (on block "Current risk control tasks")
  2. Create a risk control value for each risk control task according to its status
    • 0.02 when status is PENDING (Not done)
    • 0.05 when status is ACTIVE (Partly/Mostly done)
    • 0.10 when status is DONE (Fully done)
  3. Adjust the risk control value for each risk control task according to its priority
    • 2x when priority is CRITICAL
    • 1.5x when priority is HIGH
    • 1x when priority is MEDIUM
    • 0.5x when priority is LOW
  4. Minus the sum of all tasks' risk control values from 1 to get this risk's risk control factor calculated
    • e.g. 1 - ( done_low_priority_task + active_high_priority_task)
    • = 1 - (0.05 + 0.075)
    • = 0.875

In this case, if the risk's evaluated initial values for likelihood and impact are 2 and 3, the calculation would be:

  • Risk level = 2 * 3 * 0.875 = 5.25

Risk level without risk autopilot

If you decide to disable the risk autopilot, then you're filling the risk evaluations manually and the risk level is calculated directly by likelihood x impact.

Content

Share article

Other similar content from Academy

Help articles

Available support methods for Cyberday use
Calculating risk level in Cyberday
Content: Tasks, Documentation, Guidelines and Reporting
Enabling CIA classification feature for main assets
Favourites: Highlight frequently used items
Feature: Documentation tables
Feature: Improving translations - How you can help to develop Cyberday
Filling documentation for important data assets
How can I export data from Cyberday?
How do I start to use Cyberday in Teams?
How is the Cyberday data backed up?
How to use the (internal) audit feature
How to use the metrics feature
Import multiple items at once
Incident management: Extension for employee security incident reporting through Guidebook
Linking existing SharePoint files to your Cyberday content
Multilingual work in Cyberday
Optional data fields in Cyberday
Personalize the menu by pinning items
Posting, replies and notifications in Community
Setting a custom logo for your organization
Unit-employee AD syncing
User management: Different user roles in Cyberday
Using "security statement" reports
Using compliance reports
Visual mode draws out documentation item's connections
Vote and post ideas on Development ideas -section
What is cyber security asset documentation?
What kind of logging is available about changes in your Cyberday account?
What kind of notifications are available?
Working with Partner management: Data processor, System provider, other stakeholder...

Subscribe to Academy today

Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.

Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Topics
Personnel guidelines
ISO 27001
Working as a partner
User management
Risk management
Show all
Webinars
NIS2: Intro to NIS2 Directive and Cyberday
NIS2: Uppfyll NIS2-kraven med ISO 27001
September's monthly review for Cyberday admins (9/2024)
ISO 27001: Build a cyber security plan, that gets you compliant
Show all
Videos
ISO 27001 introduction
NIS2 introduction
ISO 27001 and certification audit fundamentals
Asset documentation
ISO 27001 and personnel awareness
Show all
Helps
Documentation
Partners
Other features
Reporting
Guideline mgmt
Show all
Blogs
IT and OT Cyber Security: Different Environments, Different Priorities
Cyber Security in Supply Chain Risk Management
Spreadsheet vs. ISMS tool - top 10 reasons why a tool is better than the traditional way
ISMS Essentials: Mastering a Data System Inventory for Your Organization
Incident Detection: Building, Nurturing, and Continuously Improving a Proactive Environment
Show all
Content library
Open content libraryLabs
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.