vCISO Sample Report

Posture Score

Basic protection measures have been taken. Only the most basic attacks are blocked.

Attack vector score

Current cybersecurity threat readiness of four cyber attack categories.

Data Leak

An overlooked exposure in data storage that might lead to a data breach.

Website Defacement

An unauthorized and malicious modification of web page content.

Ransomware

A threat by malicious software to either publish data or block access to it by encryption, unless a ransom is paid.

Fraud

A crime in which someone gains inappropriate access to financial or sensitive business information and uses it to commit fraudulent crimes.

Cybersecurity readiness level

Total policies: 31
Meet target score: 3
Under target score: 28

A mapping process of your organization shows that 31 security domains must be secured to safeguard the organization from cyberattacks. To increase the organization’s cybersecurity readiness, follow the custom-made policies of each security domain. For good cyber hygiene, first address the security domains with large gaps between current and target score.

Company readiness by security domain

| DOMAIN | SCORE |
|---|---|
| Access | 5.2 |
| Active Directory | 3.1 |
| Asset Management | 3.2 |
| Awareness | 1.7 |
| Business Continuity | 3.3 |
| Change and Configuration Management | 5.5 |
| Compliance and Auditing | 3.1 |
| Data Protection | 8.8 |
| Domain and DNS | 10 |
| Email and Messages | 1.8 |
| Environmental Controls | 8 |
| Hosted Network | 2.6 |
| Hosted Server | 2.4 |
| Human Resources | 1.4 |
| Incident Response | 1.6 |
| Information Security Management | 5.5 |
| Logging and Monitoring | 5.1 |
| Microsoft 365 | 3.2 |
| On-Premises Network | 5.2 |
| On-Premises Server | 2.3 |
| Operations and Maintenance | 6 |
| Passwords | 3.5 |
| Physical Infrastructure | 6.6 |
| Remote Access | 5.6 |
| Risk Management | 5.8 |
| SaaS | 3.6 |
| Service Provider Management | 3.9 |

Scan findings

External scan
Microsoft Secure Score
External Nessus scan
Internal network scan

Scanning networks and applications exposes hidden infrastructure vulnerabilities. Addressing these vulnerabilities will reduce the chances of your organization being the subject of a cyberattack.

Total findings: 64
Critical: 2
High: 16
Medium: 42
Low: 2
Info: 2

Sample findings

Each finding addresses a specific asset and details the specifics of its detected vulnerabilities.
Using the Cynomi platform, you can review online or download the full list of findings.

| SOURCE | SEVERITY | FINDING | ASSET |
|---|---|---|---|
| External Nessus scan | | SSL Version 2 and 3 Protocol Detection | 127.7.4.123 |
| Internal network scan | | On-premises workstation password is not required for computer users | 192.161.0.110 |
| External Nessus scan | | PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities | 127.7.4.123 |
| Internal network scan | | Not all domain controllers are set up with the same operating system | 192.168.0.11 |
| Internal network scan | | On-premises workstation is missing security patches | 192.161.0.110 |

Risk mitigation plan

The risk assessment of your company revealed 426 tasks to address. 112 tasks have been added to your risk mitigation plan.

Total findings: 112
Critical: 37
High: 73
Medium: 1
Low: 1

Plan breakdown

Task status

Completed*: 50
Not started: 71
In progress: 14
Deferred: 7

* Includes tasks in status done or fulfilled

Appendix A – Work Plan

| NAME | POLICY | STATUS | DUE DATE | ID |
|---|---|---|---|---|
| Performing vulnerability assessments of public-facing systems and network devices | Vulnerability Management | In progress | Jan 17, 2023 | CYT-107803 |
| Segmenting networks | Hosted Network | In progress | Feb 1, 2023 | CYT-924331 |
| Installing advanced endpoint protection | Workstation and Mobile Devices | In progress | Feb 28, 2023 | CYT-802662 |
| Protecting server password | On-Premises Server | In progress | Mar 15, 2023 | CYT-979306 |
| Multi-Factor Authentication | Email and Messages | In progress | Mar 16, 2023 | CYT-579275 |
| Adopting supporting tools | Software Development | In progress | Mar 16, 2023 | CYT-684484 |
| Protecting server password | Hosted Server | In progress | May 18, 2023 | CYT-498191 |
| Performing code review for human-readable code | Software Development | In progress | Jun 15, 2023 | CYT-065333 |
| Conducting cyber security exercises | Awareness | Not started | Jan 31, 2023 | CYT-555493 |
| Restrict system configurations to provide only the necessary ports, protocols, and services needed for operations | Change and Configuration Management | Not started | May 18, 2023 | CYT-426565 |
| Disabling SMBv1 protocol | Active Directory | Not started | May 19, 2023 | CYT-438206 |
| Preventing malware attacks | Email and Messages | Not started | Jun 14, 2023 | CYT-756858 |
| Centrally managing account access | Access | Fulfilled | Nov 11, 2022 | CYT-653918 |
| Deleting inactive user accounts | Active Directory | Fulfilled | Dec 13, 2023 | CYT-643598 |
| Preventing phishing attacks | Email and Messages | In progress | Mar 9, 2023 | CYT-021332 |
| Managing live and test data | Software Development | In progress | Mar 15, 2023 | CYT-958311 |
| Implementing information processing facilities with redundancy | Business Continuity | In progress | Mar 16, 2023 | CYT-879894 |

Appendix B – NIST-CSF Compliance Report

Detailed Report

This report details your organization’s compliance status with the framework, for the purpose of initial evaluation. This status is based on information provided by you about your organization.

| CONTROL | SEVERITY | FINDING |
|---|---|---|
| DE.AE-1 | | CYT-183617, CYT-881228 |
| DE.AE-2 | | CYT-959963, CYT-004652 |
| DE.AE-3 | | CYT-395545 |
| DE.AE-4 | | CYT-959963 |
| DE.AE-5 | | CYT-024763 |
| DE.CM-1 | | CYT-101697, CYT-479472, CYT-609986, CYT-477889, CYT-755526, CYT-660263 |
| DE.CM-2 | | CYT-996872, CYT-010800, CYT-971512 |
| DE.CM-3 | | CYT-895962, CYT-543844, CYT-881228, CYT-959963 |
| DE.CM-4 | | CYT-531651, CYT-829911, CYT-802662, CYT-801509, CYT-756858 |
| DE.CM-5 | | CYT-053930, CYT-053930, CYT-382705 |
| DE.CM-6 | | CYT-522696, CYT-881228 |
| DE.CM-7 | | CYT-373569, CYT-959963, CYT-454915, CYT-001346, CYT-881228, CYT-831279 |
| DE.CM-8 | | CYT-107803, CYT-809488, CYT-462312 |
