September 2023 Updates

+ CampusCISO
(September 11, 2023)
+ Category:

Share Article:


Introducing Risk Profile Reports and an updated improvement recommendations engine

We’re excited to launch two new features in the portal this week. Thanks to all of the schools who provided valuable feedback during the development and beta of these features throughout the summer!

New Cybersecurity Risk Profile reports

The new risk profile reports help you understand how your unique characteristics can affect how cybersecurity events might affect the operations of your institution.

To create these reports, we compare dozens of data points from your institution against a database covering over 6000 colleges and universities. This data is from the Integrated Postsecondary Education Data System (IPEDS) and the Higher Education Research and Development (HERD) survey. We also incorporate how the cybersecurity capabilities you’ve adopted help to mitigate these risks.

Our goal is to help you understand the relative impact cybersecurity events could have on your institution’s operations. By identifying areas of high inherent risk, you can prioritize efforts to mitigate these risks and strengthen your cyber resilience.

NOTE: You’ll need a premium CampusCISO membership to access these reports. The Risk Profile report is located under the “Reports” –> “Assessment Reports” menu. The risk benchmarking report is located under the “Reports” –> “Benchmarking Reports” menu.

Updated Improvement Recommendations report

This update includes the most significant changes to the improvement recommendations calculations since the CampusCISO portal launched in July 2022. By incorporating the new risk profile scores, the recommendations now evaluate the potential impact a new capability would have on mitigating inherent risk to your operations. 

It does this by comparing the relative impact that a capability has on ensuring the availability, confidentiality, and integrity of systems and data. Then CYBER HEAT MAP calculates the relative impact that is unique to your institution. This includes evaluating:

  • Dependencies between different capabilities
    • Does the capability support or enable other capabilities?
  • People (Skills and/or Services)
    • Does your institution have people with the skills to manage this capability?
  • Process (Adoption Level)
    • How completely has your institution adopted this capability?
  • Tools (Solutions and/or Services)
    • Does your institution own tools that can manage this capability?
  • Compliance Impact
    • Does the capability support compliance requirements?
  • Risk Profile Impact
    • Does the capability help lower your risk profile scores?

New cost and effort weighting

The new recommendations report also lets you include the relative cost of purchasing solutions and the level of effort to implement and maintain those solutions. Many users have asked for this feature, and we’re excited to introduce it in this update.

To view your recommendations with the cost and effort weighting applied, just select the drop down toggle in the upper right side of the report. (See screenshot to the right.)

As more schools contribute to the vendor reviews and ratings, we plan to incorporate the support and purchase data from the reviews into this report.

Screenshot - Improvement Recommendations sorting

NOTE: The Improvement Recommendations report is available to ALL members, including those with the free CampusCISO Community membership.