CyTech AQUILA - Information Security Pressure Analysis (ISPA)
Overview:
Information Security Pressure Analysis (ISPA) is a section that shows an overview of the assessments such as Security Risk Assessment, Security Pressure Analysis, and Security Risk Appetite. That helps the client current risk levels and their overall status of their organization based on the taken assessment.
Key Features:
- Security Maturity Overview
- Risk Exposure Overview
Step 1: Log in to CyTech - AQUILA: usdc.cytechint.io
Step 2: Click on Regulatory Intelligence
Step 3: Choose Information Security Pressure Analysis (ISPA)
Step 4: Hover into leftmost panel to view all the Regulatory Intelligence & Compliance sections. This Process is applicable in all navigating into a Module.
Dashboard
This section shows an overview of the current score and status of the organization, such as their Security Pressure, Risk Exposure, Risk Appetite, Assessment Coverage, Security Target State Trends, and Recommended Security Maturity.
- Recommended Security Maturity - This section shows the security maturity score. This will be available and calculated after completing the assessment.
- Security Target State Trends - This view highlights how your Information Security Target State has evolved over time. Rising levels suggest growing governance and oversight requirements, while stable levels indicate consistent risk conditions.
Clients can also click the graph to view the historical progression of your recommended security maturity. Recommended security maturity will be calculated after completing the Information Security Pressure Analysis. - Assessment Coverage - This section shows an overview of assessment such as their last taken assessment, their next assessment and completed assessment of the client.
To take the assessment clients can press the "Start Assessment" button and it will redirect them into a new page named "Security Risk Assessment" where it shows and let them provide structured responses to evaluate organization's risk exposure, external pressures, and security risk tolerance.
- Security Pressure - This section provides an overview of the "Security Pressure Score". The score will be calculated after completing the assessment.
Clients can also press the "
" to see the full overview of the "Current Score". This section also reflects the level of strain on security controls based on current threats and operational factors and is mapped to a status level to indicate overall pressure intensity.
- Risk Exposure - Inherent Security Risk Exposure estimates how exposed the organization is to cyber threats before additional mitigation is applied. The percentage is derived from your assessment answers across threats, assets, and incident indicators, then mapped to a status level.
Clients can also click the icon to see the full overview of the "Risk Exposure Score"
- Risk Appetite - Risk Appetite indicates how much risk the organization is willing to accept, mapped to a status level to reflect overall risk tolerance.
Clients can also click the icon to see the full overview of the "Risk Appetite". Results will be available once the assessment is taken.
Assessments
View organization's current security risk level, outside pressures, and overall risk status based on your assessment.
Security Risk Assessment
Review organization's current risk level and the key factors contributing to it.
- Current Inherent Security Risk Exposure - Overall inherent risk exposure based on threats, assets, vulnerabilities, and incident history from your answers.
- Contributing Risk Factors - Category scores that contribute to the overall risk exposure. Higher categories indicate stronger exposure drivers. Will be available once the assessment was taken.
Vulnerabilities - Category scores that contribute to the overall risk exposure. Higher categories indicate stronger exposure drivers.
- Risk Assessment Summary - Summary of your overall exposure and the top drivers based on this assessment.
Assessment Purpose - Explains what this assessment measures and why it matters to leadership decisions.
Security Pressure Analysis
Review your organization's current security pressure and the key factors contributing to it.
- Current Security Pressure - Overall pressure on the security program based on stakeholder expectations captured in this assessment.
- External Stakeholders - Pressure driven by external obligations such as regulators, auditors, and customers.
Internal Stakeholders - Pressure driven by internal delivery, operations, and technology expectations.
- Pressure Analysis Summary - Summary of your overall pressure and the strongest drivers based on this assessment.
Assessment Purpose - Explains what this assessment measures and why it matters to leadership decisions
Security Risk Appetite
Review your organization's current risk appetite and the key factors contributing to it.
- Current Security Risk Appetite - Overall tolerance for risk based on the tolerances you selected across impact areas.
- Risk Appetite Baseline - Compares your selected tolerances against the baseline for each impact area to show how your appetite differs.
- Risk Appetite Summary - Interprets what your appetite level means for how risk decisions are typically handled.
Assessment Purpose - Explains what this assessment measures and why it matters to leadership decisions.
Assessment History - By pressing this button it will open up a sidebar that shows the histories of assessments.
Clients can also access the "Assessment Settings" button. By pressing it, shows Reassessment Cycle and Weighting.
- Reassessment Cycle - Update how often assessment is reassessed.
- Weighting - Adjust how much each area contributes to the overall score. Each section must total 100%
Conclusion
Information Security Pressure Analysis (ISPA) purpose is to manage and handle multiple results on each assessment that the organization was added, such as Security Risk Assessment, Security Pressure Analysis, Security Risk Appetite managing current risk level and key factors that are contributing to the scoring on each metrics.