Step 1: Identify in-scope assets

  1. Go to the Assets section on the sidebar of the platform.
  2. View asset risk KPIs, such as:
    1. Top 5 Most Compromised Assets
    2. Top 5 Most Compromised Asset Types
    3. Key Asset Statistics per their levels of criticality
    4. The list of all monitored (green eye icon) and non-monitored assets and their details
ORNA's Assets dashboard (partial)

ORNA's Assets dashboard (partial)

Step 2: Discover vulnerabilities and mission-critical assets

  1. Navigate to the Vulnerabilities section of the platform to view all CVSS-scored vulnerabilities within your monitored assets in real-time.
ORNA's Vulnerabilities dashboard (partial)

ORNA's Vulnerabilities dashboard (partial)

  1. Navigate to the Assets section on the platform's sidebar.
  2. Sort the list of assets by level of criticality.
  3. Identify your Crown Jewels (mission-critical assets) based on the High criticality level.
ORNA's Assets dashboard (partial)

ORNA's Assets dashboard (partial)

  1. Click on any asset record to view further details.

Step 3: Determine your cyber risk level using the NIST Cybersecurity Framework

  1. Navigate to the Overview section and click on the Risk tab in the top right corner of the screen.
  2. Assess your current overall cyber risk level per the five domains and 23 categories of the NIST Cybersecurity Framework (CSF).
  3. Click on any of the domains or categories to view the details.
ORNA's Risk Management dashboard (partial)

ORNA's Risk Management dashboard (partial)

Step 4: Reduce your cyber risk level by performing the recommended actions

  1. Navigate to the Overview section and click on the Risk tab in the top right corner of the screen.
  2. Under the NIST CSF Score graph and the list of categories, the platform provides a list of recommended actions based on your current cyber risk scoring.
  3. Complete all the recommended actions.
  4. Click the checkmark icon to dismiss any specific action after it has been completed to automatically update the rest of the Risk dashboard accordingly.
ORNA's Risk Management dashboard (partial)

ORNA's Risk Management dashboard (partial)