New GRID Active Governance Program and Reporting Functionality – Linking Dashboards to Task Schedules

DefenseStorm has recently updated its GRID Active Governance Program with new functionalities, further enhancing its capabilities as a powerful cyber risk management solution.  Organizations now can link dashboards to task schedules for scheduling and documenting report reviews.

We have created a new category within the Task Schedule Library for schedules that can be leveraged for dashboard linking.  Each schedule within this new category has dashboards suggested for linking and have been built out in our Dashboard Library. For example, VPN Monitoring points you towards the library workspace where you find the dashboard or visualizations that are meaningful to your institution.

When the task is generated at the defined cadence, a PDF export of the dashboard is attached for review.  Notes can be added to document your review, and by closing the task, you are effectively signing off on the report as the system will document the user, date, and time at which the task was closed.

Multiple users can be added within the Task Schedule to review the report and email notifications will be sent when the report is ready. As with all items in the Library, these are pre-mapped to Frameworks including the FFIEC CAT. In addition to serving as evidence against frameworks, organizations that are using GRID Active Risk Assessment can leverage task schedules linked to reports as evidence for Controls.

Integration with Vulnerability Management Solution and KnowBe4

DefenseStorm recognizes that many organizations need to enhance their ability to manage vulnerabilities, so we’ve partnered with CODA Intelligence to offer continuous Vulnerability Management Scanning. This allows organizations to better manage vulnerabilities based on the risks in their environment vs. just the risk related to a specific vulnerability.

However, gaps still exist since the cybersecurity or information security team identify the vulnerability but may not be responsible for implementing the fixes, which is typically the responsibility of information technology (IT). To address this, CODA released Action plans to help bridge the gap between Info Sec and IT.

The information security teams identify the vulnerability and assign a fix to it, and that fix is then assigned to a specific team.  This assignment includes a due date based on the vulnerability and the impact it has to the risk of the organization – as defined by you.  Once the vulnerability is fixed, a notification of completion is generated, and the fix is validated.

The integration of Vulnerability Management through the GRID Active platform allows GRID Active Governance Program to synchronize the CODA Action Plan within the Governance Program tasks – for automatic collection of evidence.

In addition to CODA data automatically populating tasks for evidence collection, CODA data is now available in GRID Active dashboards. Samples of pre-built visualizations are available in a new Dashboard Library workspace and include sample data from CODA and GRID Active related to CODA tasks.  These visualizations around task data assist in monitoring and reporting on KPIs related to the status of CODA Action Plans.

Through a partnership with KnowBe4, DefenseStorm offers managed services for multiple KnowBe4 products. For organizations that leverage these services, KnowBe4 data is now available in GRID Active Dashboards as well. There is also a new Dashboard Library workspace for this service where sample visualizations can be copied for use. Both CODA and KnowBe4 dashboards can be linked to relevant Task Schedules for evidence collection.

DefenseStorm is committed to providing solutions that stay ahead of the ever-changing threat landscape. We continually innovate and update our technologies to ensure that our clients receive the best possible protection against both known and emerging threats.