Understanding CYRISMA Scoring and How to Improve Your Grades
This article explains how CYRISMA calculates scores for Data, Vulnerability, Secure Baseline, and Compliance, and provides guidance on updating your scores after making improvements.
1. Scoring for Data, Vulnerability, and Secure Baseline Scans
How Scores Are Calculated:
Scores are based on the results of completed scans, not on the remediation actions themselves.
- After you patch vulnerabilities, address sensitive data issues, or adjust OS configuration settings, your score will not immediately improve.
- You must run a new scan to reflect these updates in your Risk Grade score.
Steps to Improve Your Score:
- Complete remediation tasks such as patching or addressing flagged issues.
- Run a new scan for the relevant area (e.g., Vulnerability, Data, or Secure Baseline).
- Verify that the updated scan results reflect the completed changes.
3. Compliance Scoring
Current Compliance Scoring System:
Compliance scores are currently based on:
- Microsoft Secure Score: Measures security practices in your Microsoft environment.
- Active Directory (AD) Monitor: Tracks AD security and compliance status.
Questionnaires and GRC Features:
- Completing compliance questionnaires or using the GRC (Governance, Risk, and Compliance) module does not yet impact your compliance score.
- Phase 1 of the GRC module is designed for usability and feedback gathering, with grading integration planned by the first week of November.
Steps to Improve Compliance Scores:
- Run a new AD Monitor scan to ensure updates and improvements are captured.
- Monitor and improve your Microsoft Secure Score by addressing flagged issues.
- Stay tuned for the November GRC update, which will include questionnaire results in the overall Compliance and Risk Grades.
5. Key Takeaways for Scoring
- Always run new scans after making changes to ensure scores are updated.
- Compliance scoring currently focuses on Secure Score and AD Monitor results, with GRC integration planned soon.
- The Vulnerability score reflects the presence of unresolved issues, so regular scans and prompt remediation are key to maintaining a strong score.
Need Further Assistance?
If you have additional questions about how scoring works or need help running scans, feel free to contact Cyrisma Support. Our team is here to help!