Risk Management

Risk Management is one of the key features of ORNA’s “Prevent” feature set, and it is designed to help organizations assess and track current cybersecurity risk levels using the NIST Cybersecurity Framework (CSF), as well as proactively address risks across the five domains and 23 categories of the framework.

Risk Management features

  1. The NIST CSF Score graph displays the at-a-glance score for each of the five NIST CSF domains: Identify, Protect, Detect, Respond, and Recover. You can click the “Show more” link underneath each domain to view more details and browse each domain’s categories. ORNA automatically assigns a quantitative score (between 1 and 5) and the corresponding qualitative score (ranging from Low to Perfect) to each domain and category.
  2. The list of all 5 domains and 23 NIST CSF categories containing easy-to-populate questionnaires directly linked to specific aspects of each category. Answering the questionnaires populates the overall dashboard and generates improvement Recommendations.
  3. Performance Tracking includes Best Category, Worst Category, Overall Score, Incidents This Year, and Incidents Resolved.
  4. The list of Recommended Actions to improve your overall risk score is based on the responses to questionnaires in each NIST CSF category.

Accessing the Risk dashboard

To access the Risk Dashboard:

  1. Navigate to the Overview section of the platform.
  2. Select the Risk tab in the top right-hand corner of the Overview dashboard.

Viewing the Risk Management dashboard

Populating the Risk Management dashboard

  1. Navigate to the Overview section of the platform.
  2. Select the Risk tab in the top right-hand corner of the Overview dashboard.
  3. Click on any given category and use the “Yes”, “No”, “N/A” toggle buttons to respond to the included questions to the best of your ability. You can also request assistance from other relevant stakeholders in your organization. “Yes” and “No” count towards the automatically calculated score for this Category and, ultimately, towards its parent Domain. Answering “N/A” does not affect the score of either.
  4. Mouse over the “i” icon on the right-hand side of each question to view the specific provision of the NIST CSF framework to which the question is related.
  5. Click the “Submit” button in the bottom right corner to save your responses.

Responding to a NIST CSF category questionnaire

  1. As you fill out more categories with responses, the NIST CSF dashboard will be populated with qualitative and quantitative scores for domains and their categories, Performance Tracking KPIs, and Recommended Actions to improve the score of each relevant domain.

Performing the recommended actions

  1. Navigate to the Overview section of the platform.
  2. Select the Risk tab in the top right-hand corner of the Overview dashboard.
  3. Note that the prerequisites for ORNA providing you with Recommended Actions are: 1) You must have at least a single category’s questionnaire completed, and 2) The category score must be less than Perfect.
  4. View your Recommended Actions in a table underneath the Performance Tracking bar. You can use the filter feature on the right-hand side to filter Recommended Actions for a specific category.
  5. Currently, ORNA’s Risk feature uses self-reporting to track the completion of all Recommended Actions: once you’ve completed the action, click the checkmark on the left-hand side of the respective Recommended Action, and your NIST CSF domain and category scores, as well as Performance Tracking KPIs and any relevant responses to category questions, will be updated automatically.

Viewing Recommended Actions

Marking a Recommended Action as completed