Methodology and results
The Arctic Wolf® Cyber Resilience Assessment helps you evaluate the security posture of your organization in terms of:
- Groups — These are proven strategies and techniques based on an overarching principle.
- Elements — These are action items that help organizations follow the framework recommendations.
Groups and elements respectively represent the high-level and low-level components of a cybersecurity framework. Each cybersecurity framework has its own terminology for groups and elements. For example:
| Framework | Group | Element |
|---|---|---|
| CIS Critical Security Controls (CIS Controls) | CIS Controls | CIS Safeguards |
| National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) | Categories | Subcategories |
| Australian Signals Directorate (ASD) Essential Eight Maturity Model | Mitigation Strategy | Controls |
| National Cyber Security Centre Cyber Essentials | Technical Controls | Requirements |
Arctic Wolf weights each element to visualize its contribution to the security posture of your organization. Generally, the weighting system uses this logic:
- Every element contributes to a group, but some elements increase cyber resilience more than others.
- The extent to which your organization has implemented an element determines how effective the element is.
To complete a Cyber Resilience Assessment, you must provide information about specific factors that affect cyber resilience for one or more elements. For descriptions of each cyber resilience factor, see Value calculation.
After completing an assessment, you can review the security posture of your organization from these perspectives:
- Overall security posture — For more information, see Cyber Resilience Index.
- Impact of updates to a Cyber Resilience Assessment over time — For more information, see Progress Tracker.
- Total value of all elements for each group — For more information, see View framework groups.