General tips

CISO Assistant is intended to be a multi-paradigm tool to suit everyone's background and approch to cyber security program organisation.

With that being said here are some standard recommendations to get the most of it, if you are just starting:

  1. Map your organisation to the domains/perimeters (or create basic ones)

  2. Add your users and assign them to the groups (SSO and MFA available even in Community)

  3. (recommended) Identify what are the assets to protect

  4. (recommended) Enumerate your existing capabilities/controls

  5. Define your baseline and focus on the basics - pick your controls and/or create new ones

  6. Get your actions implemented and reflect that on your audit progress

  7. Conduct a contextual risk assessment

  8. Share the insights with your organisation, review the priorities, and keep it alive

  9. Expand your coverage: periodic tasks, incidents, TPRM, findings managements, etc.

  10. Always keep focus on the actions and reflect their data on the other concepts

PreviousUnderstanding decouplingNextJourneys

Last updated

Was this helpful?