Cyber Security Risk Management (CSRM)

Overview:

Cyber Security Risk Management (CSRM) is a structured process organizations use to identify, assess, mitigate, and monitor cyber threats and vulnerabilities that could impact their assets, operations, or reputation. It integrates cybersecurity into broader enterprise risk management, treating cyber risks like financial or operational ones. CSRM helps prioritize resources, comply with regulations, and build resilience against evolving threats like ransomware, data breaches, and supply chain attacks.

Key Features:

1. Dashboard

   • Delivers a centralized, real-time view of critical risk metrics and statuses, providing a comprehensive overview of ongoing risks, a concise summary of findings, and a detailed impact breakdown (pending integration into CRAM™). This empowers security teams with the insights needed for swift, informed decision-making.

2. Asset Identification

   • Experience your tailored Cyber Risk Assessment and Management™ (CRAM™), where this module meticulously maps out the assets requiring safeguarding, establishing a robust foundation for risk assessment by laying the essential groundwork for your CRAM™ building blocks.

3. Asset Inventory
   • Maintains a comprehensive, up-to-date catalog of all assets, including hardware, software, and data. It tracks ownership, location, and vulnerabilities, ensuring nothing is overlooked during risk evaluations.
4. Assessed Asset
   • Focuses on evaluating the security posture of identified assets. This module assesses vulnerabilities, threats, and potential impacts, providing data to prioritize risk mitigation efforts.
5. Risk Register
   • Serves as a repository for documenting identified risks, including their likelihood, impact, and status. It acts as a single source of truth for tracking and reporting risks across the organization.
6. Risk Management
   • Enables the development and implementation of strategies to address risks (e.g., avoidance, mitigation, transfer, acceptance). This module supports planning, executing, and monitoring risk treatment plans.
7. Task Management
   • Assigns, tracks, and manages tasks related to risk mitigation, such as patch updates or employee training. It ensures accountability and timely completion of security actions.
8. Geo Location
   • Tracks the geographic distribution of assets and risks, identifying location-specific threats (e.g., market cyber resiliency or market vulnerability level). This aids in tailoring security measures to specific areas.

Pre-requisites:

1. Access to CyTech - AQUILA

   • Only users assigned the "Owner" or "Admin" role can access the Log Collector installation resources within the platform.

To navigate to CSRM Module please follow the instructions below:

Step 1: Log in to CyTech - AQUILA. click here --> usdc.cytechint.io

Step 2: Click on Risk Management

Figure 1. Overview

Step 3: Click on Cyber Security Risk Management (CSRM)

Figure 1.1 Cyber Security Risk Management (CSRM)

Step 4: Full guide on navigation.

Figure 1.3 Navigation

Cyber Security Risk Management (CSRM): Dashboard

The Dashboard page serves as the central hub for visualizing cybersecurity risk metrics and insights within a Cyber Risk Assessment and Management (CRAM™) system. It provides real-time overviews of risk levels, breakdowns, and trends through interactive widgets, charts, and summaries. This interface appears tailored for security teams to monitor risks, identify issues, and facilitate quick decision-making.

Figure 2 Cyber Security Risk Management (CSRM) - Dashboard

Vulnerability1. LevelOverall Risk Scores - It shows organization exposure level, based on the assessment risk. 

• Represents the overall vulnerability exposure, meticulously calculated from asset scans and assessments. This metric elegantly gauges the susceptibility of your organization to market fluctuations, providing a refined understanding of potential risks.

• Clicking it will open the Market Vulnerability Level pop up box that emphasizes economic factors like growth, inflation, consumer confidence, and geopolitical risks, rather than cybersecurity specifics, indicating a holistic risk management perspective.

Figure 2.1 Cyber Security Risk Management (CSRM) -Dashboard / Market Vulnerability

Impact2. Level

• Measures the potential business or operational impact of identified risks. This metric elegantly assesses how external factors, such as economic conditions and industry trends, influence the overall risk landscape.

• Clicking it will open the Market Impact Level pop up box that focuses on external economic and market influences, including growth, inflation, geopolitical events, and investor confidence, rather than cybersecurity-specific risks.

Figure 2.2 Cyber SecurityOrganization Risk Management (CSRM)Factor - Dashboard / Market Impact Level

Threat Level

• Indicates the severity or likelihood of external threats. This metric elegantly assesses the intensity of external threats, including competition and regulatory changes, that may impact your business.

• Clicking it will open the Market Threat Level pop up box that centers on assessing the severity of external threats affecting market stability, incorporating economic indicators such as growth, inflation, consumer/investor confidence, and geopolitical factors.

Figure 2.3 Cyber Security Risk Management (CSRM) - Dashboard / Market Threat Level

Overall Probability Breakdown

• This component, integral to a risk management dashboard such as the CRAM™ system, focuses on probabilistic risk metrics over time. The probability breakdown elegantly illustrates the likelihood of a risk event occurring, empowering stakeholders to prioritize mitigation efforts effectively.

Overall Risk

• Provides a holistic score aggregating vulnerability, impact, and threat levels. This metric formally represents the combined impact and probability of a risk event, offering a comprehensive assessment ofExplains the organization's overallkey factors affecting risk exposure.

  levels
—
• Impact,

  Clicking this element unveils a popup window, a pivotal component of a risk management dashboard such as the CRAM™ system, meticulously crafted to provide a comprehensive assessment of an organization's risk posture. It delivers a holistic score that elegantly aggregates vulnerability, impact,Threat, and threat levels, empowering security teams and decision-makers to monitor and prioritize risk mitigation efforts with precision.

Vulnerability.

Figure 2.4 Cyber Security Risk Management (CSRM) - Dashboard / Overall Risk

• Clicking the view risk button will redirect you to its risk assessment.

Figure 2.4.1 Cyber Security Risk Management (CSRM) - Dashboard / Overall Risk / Risk Assessment

• This page offers comprehensive visibility into pending identified risks, ongoing mitigation efforts, risk acceptance, risk transfer, and risk avoidance strategies. Additionally, it enables client to seamlessly register newly identified risks with ease.

Summary of Findings

• The summary of findings provides a concise overview of identified risk and their implications.

• Upon selecting the View All link, a sophisticated popup will be revealed, presenting a comprehensive overview of all risk scenarios.

Figure 2.5 Cyber Security Risk Management (CSRM) - Dashboard / Summary of Findings

• Selecting a risk scenario will unveil a sophisticated Risk Breakdown popup, an integral visualization component within a risk management dashboard such as the CRAM™ system, meticulously crafted to dissect a specific identified risk for comprehensive in-depth analysis. This feature is thoughtfully designed for security teams and risk managers, providing profound insights into the composition of a risk event and empowering informed mitigation strategies with precision.

Figure 2.5.1 Cyber Security Risk Management (CSRM) - Dashboard / Summary of Findings / Risk Scenario

• Upon clicking the Detailed View button, you will be presented with an intricate and comprehensive breakdown of information, encompassing Threats, Vulnerabilities, and additional critical factors.

Figure 2.5.2 Cyber Security Risk Management (CSRM) - Dashboard / Summary of Findings / Risk Scenario / Detailed View

Risk3. EventQuick ScoresActions - Access shortcuts to identify, assess, and respond to risks.

•  

  4. Pending Mitigation Task - Access shortcuts to identify, assess, and respond to risks.

  

   

  5. Risk eventMapping scores- Visualizes combinerisks based on their probability and impact to quantifydetermine individualseverity risks. Higher scores indicate greater risk.zones.

 

6. Mitigation Control Status - Displays the implementation progress of mitigation controls across the organization.

Figure7. 2.6Monthly Cyber SecurityRegistered Risk Management (CSRM) - DashboardTracks /newly Riskregistered Eventrisks Scoreseach month by severity level.

Overall8. ImpactRisk Breakdownby Control Type -

• Impact breakdown illustratesShows the potential consequencesnumber of arisks riskcategorized event.
under

Administrative,

Technical, or Physical controls.

Figure 2.7 Cyber Security Risk Management (CSRM) - Dashboard / Overall Impact Breakdown

• Upon selecting Overall Impact, a sophisticated popup emerges, serving as an educational and analytical component within a risk management dashboard such as the CRAM™ system, meticulously crafted to illuminate the dynamic interplay between an organization's risk tolerance, appetite, and overall impact severity. This interface delivers a structured explanation of risk severity levels, expertly guiding users in evaluating potential impacts on operations, finances, and reputation. It empowers security teams and executives to prioritize responses based on severity, ensuring optimal resource allocation and strategic mitigation planning.

Figure 2.7.1 Cyber Security Risk Management (CSRM) - Dashboard / Overall Impact Breakdown / Overall Impact

• Upon selecting Risk Tolerance, a refined popup unveils itself, serving as an insightful informational component within a risk management dashboard such as the CRAM™ system, meticulously crafted to deliver a comprehensive explanation of risk tolerance levels for individuals or organizations. It elegantly outlines how risk tolerance shapes investment and decision-making strategies, accentuating preferences for stability versus potential returns. This interface empowers users, including financial advisors, security teams, and executives, to assess and align risk profiles with organizational objectives, fostering balanced and strategic portfolio management.

Figure 2.7.2 Cyber Security Risk Management (CSRM) - Dashboard / Overall Impact Breakdown / Risk Tolerance

• Upon selecting Risk Appetite, a refined popup unveils itself, elucidating that this term denotes the amount and type of risk an organization is prepared to embrace in pursuit of its objectives. As a pivotal component of risk management and strategic planning, it empowers organizations to make well-informed decisions regarding the level of risk they are willing to undertake across diverse operational domains.

Figure9. 2.7.3Top Cyber5 SecurityAsset Risk Management (CSRM)Owner - DashboardHighlights /users Overallwith Impactthe Breakdownmost /assets Risklinked Appetiteto identified risks.

CRAM™10. LiveTop ViewAsset with Most Risk -

Lists

assets
• Thisthat will display all your Critical Business Process and Critical Business Functions in 3D view. Clickhave the switchhighest iconnumber toof changeassociated the view.risks.

Figure11. 2.8Top CyberEmerging Security Risk Management (CSRM)Threats - DashboardFrequent /threats CRAM™found Liveacross Viewmultiple risks. Helps identify persistent attack methods.

________________________________________________________________________________________________________________________________________________

Cyber Security Risk Management (CSRM): Asset Identification

The CRAM™ Building Blocks page serves as an onboarding or configuration interface within the Cyber Risk Assessment and Management (CRAM™) system, designed to collect foundational business information for generating a personalized cybersecurity risk profile. This page emphasizes simplicity in input to demystify cyber complexity, targeting users like CISOs, organizations, or individuals seeking to enhance cyber resiliency. 

For detailed instructions, visit the Cyber Risk Assessment section of the AQUILA Documentation, which provides a comprehensive guide to the CRAM™ Building Blocks.

Figure12. 3Top CyberEmerging Security Risk Management (CSRM)Vulnerability - AssetCommon Identificationweaknesses seen repeatedly in assessed assets.

________________________________________________________________________________________________________________________________________________

Cyber Security Risk Management (CSRM): Asset Inventory

The Asset Inventory page is a central management interface within the Cyber Risk Assessment and Management (CRAM™) system, designed to centralize, categorize, and visualize organizational assets for enhanced risk visibility. This interface supports risk managers, IT teams, and security professionals in tracking assets like hardware, software, and data, enabling proactive identification of vulnerabilities and exposures.

Figure 4 Cyber Security Risk Management (CSRM) - Asset Inventory

Assets by Type

• This visualization elegantly presents the distribution of registered assets, meticulously grouped by their type, including hardware, software, networks, people, and more.

Asset Owner

• Highlights the user with the highest number of registered assets, offering a valuable tool for identifying key owners across the organization.

Assets by Criticality

• Elegantly visualizes assets according to their assigned criticality levels—High, Medium, or Low—serving as a vital tool to prioritize which assets require the utmost protection.

Search and Filter Section

• Search Bar

  • Allows text-based querying of the asset table for quick navigation.

• Filter Button

  • Opens advanced filtering options for refining the asset list by criteria like type, owner, or criticality.

Table Section

• This section contains a tabular display of individual assets, organized in rows with sortable columns.

• Selecting the eye icon gracefully expands to reveal comprehensive and detailed information.

Figure 4.1 Cyber Security Risk Management (CSRM) - Asset Inventory - Details

Action Buttons

• Asset Library

  • It serves as a customizable template repository for users to import and adapt pre-defined asset examples, streamlining the process of populating the asset inventory for risk assessment. This design facilitates quick onboarding by allowing users to select, edit, and integrate example assets like hardware and services, ensuring comprehensive coverage without starting from scratch.

Figure 4.2 Cyber Security Risk Management (CSRM) - Asset Inventory / Asset Library

• Add Assets

  • A dedicated input interface within the Asset Inventory module of the Cyber Risk Assessment and Management (CRAM™) system, focused on registering and categorizing new assets to build a comprehensive risk inventory. This interface empowers IT/security teams to systematically document assets, assigning attributes like criticality and sensitivity to facilitate risk analysis.

Figure 4.3 Cyber Security Risk Management (CSRM) - Asset Inventory / Asset Library / Asset Identification

• It has 2 action buttons:

  • Browse Asset Library - Enables users to access pre-defined asset templates for quick import or inspiration.

• • Register Assets - Submits the form to add the entered asset to the inventory.

________________________________________________________________________________________________________________________________________________

---

Cyber Security Risk Management (CSRM): Assessed Asset

Designed to facilitate the identification, assessment, and classification of potential risks associated with organizational assets (e.g., hardware equipment).

Figure 5 Cyber Security Risk Management (CSRM) - Assessed Asset

Search and Filter Section

• Search Bar

  • Allows text-based querying of the asset table for quick navigation.

• Filter Button

  • Opens advanced filtering options for refining the asset list by criteria like type, owner, or criticality.

Action Buttons

• Assess Asset Button

  • ThisThis invites immediate engagement, triggering a modal or workflow for in-depth evaluation.

Figure 5.1 Cyber Security Risk Management (CSRM) - Assessed Asset / Risk Assessment

• Start Risk Identification

  • This initiates the risk evaluation process for the specific asset.

Figure 5.2 Cyber Security Risk Management (CSRM) - Assessed Asset / Start Risk Identification

________________________________________________________________________________________________________________________________________________

---

Cyber Security Risk Management (CSRM): Risk Register

1. Critical Risks - Displays the number of risks that require immediate attention based on asset criticality, sensitivity, and exposure.
2. Risk Status - Shows how many risks have already been assessed versus those pending assessment.
3. Risk Distribution by Type - Breakdown of all registered risks categorized by their type: Administrative, Technological, Physical, or Others.
4. Risk Identified by Month - Tracks the number of risks identified across your organization on a monthly basis.
5. Risk Logs - Shows the entire logs of the risks
6. Risk Library - Added Risks can be found in this section.
7. Add Risks / Risk Identification - Risks can be added in this section to be identified and document.

Figure 6 Cyber Security Risk Management (CSRM) - Risk Register

• Add Risks / Risk Identification

• Risk Identification
  

Figure

6.1

Cyber
• Risk SecurityIdentification - in this section you can add and document those risk that could affect your organization
  

• View Risk Management (CSRM)Assessment - Overview

• View Risk RegisterAssessment /- AddProbability
Risks

• Assessment Details - Impact

• Assessment Details - Evidence

Cyber Security Risk Management (CSRM): Risk Management

1. Risk Response Type - Categorizes risks according to the type of response strategy used. It helps identify trends in how different response types are being utilized and can highlight areas where certain strategies may be more effective
   
2. Top

   Managed Risk Owner - Identify the individuals or teams most frequently responsible for managing risks.
   
   

3. Number of Risk Severity - Shows the count of risks divided by their severity levels. It helps in understanding the distribution of risks and focusing attention on the most severe ones that require immediate attention.
   
   
4. Risk Repository - Shows the risk logs and their details.

Figure 7 Cyber SecurityManage Risk ManagementDetails (CSRM)- Overview

Manage Risk Details - Risk Management

When one of the risks from the risk repository is clicked it will show a pop-up window for further details. Response

Figure 7.1 Cyber SecurityManage Risk Management (CSRM)Details - Assessment

Manage Risk Details - Evidence

Task Management /- Risk Repository Details / Comments

In this section itthe showsclient riskcan timelinesmanage their task and projects, timeline management, and task overview.

Figure 7.2 Cyber Security Risk Management (CSRM) - Risk Management / Risk Repository Details / Timeline

Shows the files associated by the risks

Figure 7.3 Cyber Security Risk Management (CSRM) - Risk Management / Risk Repository Details / Files

Clicking the detailed view button opens an in-depth panel that summarizes all relevant information about the identified risk, helping users understand its nature, impact, and current status.

Figure 7.4 Cyber Security Risk Management (CSRM) - Risk Management / Risk Repository / View Details

Cyber Security Risk Management (CSRM): Task Management

1. Task GanttManagement Chart- Details

   This

   Risk Report - In this section displays a visual timeline of all active tasks, allowing users to easily track task progress and overlapping schedules.

   • Each row represents an individual task, showing its assignee, start date, and end date.

   • The horizontal bar illustrates the task’sclient durationcan within the selected date range.

   • The search barlook at the toprisk allowsand filteringvisualize ofhow taskscurrent risk are being addressed.

     

     Overall Risk Score - This shows all risk by name or keyword.

   • Users can scroll horizontally or verticallyseverity to viewhelp allpriorities scheduledand items.

     focus
   on

2. Task Tableresources.

   

   Total Identified Risk - This sectionpart provides a detailed tabular view ofmeasures all tasksvulnerabilities recordedand inpotential issues, they are categorized into Critical Risk, High Risk, Medium Risks, Low Risks, and Informative Risks.
   

   

   Top Risk Owners - This shows scores based on the system.
   Eachlatest rowthreat containsintelligence the following fields:data.

   

   • Managed Risk Overview - This visualized current risk that are being addressed.
     

     

     Risk IDMapping - It – References the relatedplot risk entryby fromprobability theand riskimpact register.to show which exceed tolerance and require action.
     

   • 

     TaskManaged ID – Unique identifier for each task.

   • Task Title – The specific name or activity assigned.

   • Risk Ownerby –Severity The- individual responsible for managing the associated risk.

   • Assignee – The user assigned to complete the task.

   • Start Date / End Date – Defines the task timeline.

   • Status – Displays the current progress (e.g., Not Started, In Progress, Completed).

   A search field allows users to quickly locate tasks, and pagination controls appear at the bottom for navigation through large datasets.

   
   

3. Task Overview

   This panel provides summary metrics for all tasks currently in the system.
   It includes the following widgets:

   • Unassigned Tasks – Total number of tasks without an assigned user.

   • New Tasks – Tasks recently created and awaiting action.

   • Tasks Completed – Count of tasks marked as completed.

   • Total Tasks – Total number of tasks across all statuses.

   A Create Task button enables users to add new task entries, while the filter dropdown allows sorting of data by criteria such as due date or priority.

FigureTop 85 CyberCritical SecurityBusiness Function Assets with Most Risk Management (CSRM) - TaskIt Managementshows the most risk-exposed assets that are essential to core business operations.

• Create Task

Figure 8.1 Cyber Security Risk Management (CSRM) - Task Management / Create Task

Cyber Security Risk Management (CSRM): Geo Location

The Geographic Map module provides a visual representation of global market cybersecurity indicators, allowing users to analyze risk exposure, vulnerability, and resiliency by geographic region.

This feature supports data-driven decision-making by correlating regional cybersecurity performance metrics with global threat intelligence.

World Map Visualization

• The central panel displays a world map highlighting different regions or countries.

• When a region is selected (e.g., Japan), it is visually emphasized on the map.

• The system retrieves and displays region-specific cybersecurity metrics on the right-hand side.

Regional Metrics

Four key indicators are shown for the selected region:

• Market Cyber Resiliency – Indicates the overall ability of the market to withstand and recover from cyber threats. A higher percentage represents stronger resilience.

• Market Vulnerability Level – Reflects the percentage of potential weaknesses or exposure within the market’s cybersecurity posture.

• Market Threat Level – Shows the current assessed intensity of cyber threats targeting the market.

• Market Impact Level – Represents the estimated effect or disruption that a successful cyber incident could have within the region.

Region Selection and Configuration

• Use the Select Region dropdown menu to choose a country or area of interest.

• After selection, the associated data is automatically updated on the display.

• Click Save Changes to confirm the selected region or update monitoring parameters.

• The Clear Selection option resets the map and clears any chosen region.

Figure 9

Cyber

 Security

Risk

 Management

(CSRM) - Geographic Location

If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.