What policyholders can expect from the Corvus vCISO experience that enables quick prioritization of security improvements
Once you’re insured by Corvus, it’s time to take steps to reduce your risk. By this point you should have received information about Corvus’s Risk and Response services. These hands-on services provide great opportunities to enhance your security with the help of experts at Corvus and our partners.
But there’s a step you can take right away to help prioritize actions and improve security in just a few minutes: the Corvus vCISO.
What is the vCISO?
The Corvus vCISO (short for “virtual CISO”) is found in your Policyholder Dashboard (you will receive an invite by email to set up your account after binding). vCISO consolidates cybersecurity recommendations from multiple sources: your Dynamic Loss Prevention Report, Ransomware Risk Score, and vCISO Assessment.
- The Dynamic Loss Prevention Report is driven by a non-invasive IT security scan. This is the same scan that Corvus uses to help underwrite your policy. It locates and prioritizes vulnerabilities by looking at your IT system from the outside-in -- the way a hacker would.
- The Ransomware Risk Score is also driven by the Corvus scan, but focuses on ransomware risk. This score may surface vulnerabilities such as open Remote Desktop Protocol (RDP).
- The vCISO Assessment covers the security policies and programs at your organization through the answers to questions provided by you or someone at your organization. (More on this below.)
By combining the recommendations from these sources into a single page, you can get a sense of the highest priorities across different types of security issues, and make a more informed decision about what actions to take next. In addition to recommended actions, we’ll include our recommendations for which free or reduced-cost services from Corvus will be most helpful for your organization.
What you’ll see on the vCISO tab, and how to use its features
To access the vCISO page, log in to your Policyholder Dashboard (you will receive an invite by email to set up your account) and, once there, click the second tab, labeled “vCISO.” You can also jump right into the Assessment portion from your dashboard (more on this below).
If it's your first time accessing the vCISO tab, you will notice that some of the recommendations are not yet available, showing up as “Locked”. You can unlock these recommendations by starting the vCISO Assessment with the teal button. See the following section in this article for more information on the Assessment.
Other recommendations will be visible, because they are driven by the Corvus Scan performed when Corvus provided the quote for your policy. For these, you will see the specific IP addresses and/or specific vulnerabilities (labeled by CVE number if applicable) that were located by the scan. Then you’ll see a recommendation for action from Corvus security experts, along with links to further information.
Below your recommendations, other items will show as “Cleared” indicating that no action is needed. At the bottom of the page, you can also access the full PDF versions of your DLP Report or vCISO Recommendations.
Overview of the vCISO Assessment
In order to complete the vCISO experience, you’ll need to answer questions in the vCISO Assessment. This is accessible from the main page of your Dashboard or from the buttons on any of the “Locked” recommendations on the vCISO tab.
This easy, five-minute assessment will provide us with the rest of the information we need to complete your “virtual CISO” recommendations. Your answers, combined with the results of our external scan, will generate the most impactful steps to make your organization safer — plus our recommendations for free or reduced-cost services from Corvus. By completing the assessment you’ll also be ready to schedule your expert consultation, a thirty-minute call to discuss your vCISO recommendations.
The questions come in seven categories with two to four questions in each. Most are simple “Yes/No” questions, with a few exceptions where you’ll need to know the names of security vendors you may use. You may leave any of these questions “uncertain,” but keep in mind that any answers we are not able to analyze may result in the vCISO page remaining incomplete.
After completing the full Assessment, you’ll get an email with a PDF of the results, or you can view recommendations right away on the vCISO tab on your dashboard.
💡Tip: Any recommended actions that result from your survey answers will show the Yes, No, and Uncertain buttons again on the vCISO tab. If you complete the recommended actions, you can easily select "Yes" to move that item to "completed" status without having to redo the full Assessment.
If you need help in understanding either the questions or the recommendations, help is always available through your dashboard, or by emailing firstname.lastname@example.org.
By completing the vCISO assessment you’ll also be ready to utilize one of Corvus’s most popular Risk & Response services: a call to discuss your cybersecurity recommendations. A Corvus security expert will walk you through the entire contents of the vCISO page and add context and color. You can email the address above or contact your broker to arrange the call after exploring your vCISO page and filling out your vCISO assessment.