What policyholders can expect from the Corvus vCISO experience that enables quick prioritization of security improvements
In this article:
Once you’re insured by Corvus, it’s time to take steps to reduce your risk. By this point you should have received information about Corvus’s Risk + Response Services. These hands-on services provide great opportunities to enhance your security with the help of experts at Corvus and our partners.
But there’s a step you can take right away to help prioritize actions and improve security in just a few minutes: visit the Corvus vCISO Center.
What is the vCISO Center?
The Corvus vCISO Center is an area within your Policyholder Dashboard where you can explore, prioritize and fix gaps in your cybersecurity posture, plus level up your security with discounted offerings from preferred partners. (To access your Dashboard, you will receive an invite by email after your insurance policy is finalized.) The vCISO Center currently has four tabs:
- The Scan Results show your latest report from the Corvus Scan, our non-invasive IT security scan. This is the same scan that Corvus uses to help underwrite your policy. It locates and prioritizes vulnerabilities by looking at your IT system from the outside-in -- the way a hacker would. When you first access your Dashboard, this section will already be complete — no action required. The information is updated monthly, at minimum.
- The Security Questionnaire covers the security policies and programs at your organization through the answers to questions provided by you or someone at your organization. This is the “inside-out” view to the Corvus Scan’s outside-in view.
- The Action Center is where the above sources of information are brought together into a single, prioritized list of IT security recommendations. In addition to recommended actions, we’ll include our recommendations for which free or reduced-cost services from Corvus will be most helpful for your organization.
- The Vendor Marketplace is a centralized repository of thoroughly vetted partners that offer cybersecurity products and services. When exploring the Vendor Marketplace, you will be presented with “tiles” that include: descriptions of our cybersecurity partners, what categories of services or products they offer, and upon clicking an individual tile, it will connect you directly to the vendor.
Overview of Scan Results
We recommend starting by reviewing your Scan Results tab, found on the left-hand side navigation. This tab's report will be pre-filled, since we run a Corvus Scan on all policyholders on a regular basis. We recommend that you revisit this tab in the future to see if any information has changed as your IT system evolves over time.
💡 Tip: Many Corvus Policyholders set a recurring reminder on their calendar to check in on their Scan Results once a month to keep tabs on their security posture throughout the year.
At the top you'll see an overview with quantitative scores, and below that each of the sections can be expanded to reveal the specific findings of the scan. This may be helpful for reference later as you work to remediate any issues prioritized in the Action Center, but otherwise no actions are required on this page.
Once you've reviewed your Scan Results, click over to the Security Questionnaire.
Overview of Security Questionnaire
The Security Questionnaire is critical to getting the most from the vCISO Center. This is where we gather information about the policies and programs in place at your organization. This information is then combined with the Scan Results to form the optimal priority of personalized recommendations the Action Center (discussed in the next section).
Landing on the Questionnaire home page, you’ll see two options: Ransomware Supplemental Assessment and Security Advanced.
Ransomware Supplemental Assessment
This quick, five-minute module covers basic aspects of security, and can be filled out either by a member of your IT department or anyone with a solid understanding of your organization’s IT. The questions cover categories like Email Security, Data Backup and Recovery, Privileged Account Management and Endpoint and Network Security. Most are simple “select all that apply” questions. You may leave any of these questions blank if you don’t know the answer, but keep in mind that any we are not able to analyze may result in the Action Center results remaining incomplete.
This module within the Security Questionnaire requires a more advanced understanding of your organization’s IT. It covers most of the same categories as the Security Essentials module, but drills in deeper with Yes/No questions regarding more specific aspects of security within each category. This is why we recommend adding a member of your IT department’s leadership team to the Corvus Policyholder Dashboard as part of your setup process. Filling out the Advanced module will enable the most complete set of recommendations in the Action Center.
A sample of the questions in the Security Advanced module of the Questionnaire
The Action Center is where the rubber meets the road in your vCISO experience. Information from your Corvus Scan results are combined with the answers given in the Security Questionnaire, leading to a complete picture of security and prioritized recommendations.
If you’ve not yet completed any portion of the Security Questionnaire, you’ll only see Action Cards pertaining to risks discovered in the Corvus Scan. (You may see none -- even if your numerical scores aren't perfect, there may be no actions with a high enough impact rating to be included in the Action Center). Once you complete at least one module of the Questionnaire, you’ll see Action cards that result from the answers you've given, with the most critical at the top of the list.
Each of these Action Cards can be expanded to reveal details about the issue discovered, with explanation from our Security Team. Once you complete the Actions described in the Action Card, select “Yes” to move that card to the “Completed” section.
Your Action Cards will be updated each time we refresh your Corvus Scan report (monthly, at minimum) to include any newly discovered issues. We also recommend revisiting the Security Questionnaire once per year to account for any changes that have taken place in your IT system.
💡Tip: When you use the button to move an Action Card to "Completed," this selection will also flow back to the relevant part of the Security Questionnaire. That way, when you revisit the security questionnaire in the future, it will include your most recent selections.
The Vendor Marketplace is a centralized repository of thoroughly vetted partners that offer cybersecurity products and services. When exploring the Vendor Marketplace, you will be presented with “tiles” that include: descriptions of our cybersecurity partners, what categories of services or products they offer, and upon clicking an individual tile, it will connect you directly to the vendor.
Corvus has strategic relationships with vendors in the marketplace to unlock preferred pricing. In the spirit of staying true to our mission of making the world a safer place, Corvus is not involved in any sales that occur within the marketplace and we hand off this preferred pricing to our policyholders. As a Corvus Policyholder, you can take advantage of discounts in the Vendor Marketplace to continue along your security journey. By doing this, we hope to help organizations become more secure while also being cognizant of budgetary constraints.
If you need help in understanding either the questions or the recommendations, help is always available through your Dashboard, or by emailing firstname.lastname@example.org.
By using the vCISO Center’s resources you’ll also be ready to utilize one of Corvus’s most popular Risk & Response services: a call to discuss your cybersecurity recommendations. A Corvus security expert will walk you through the entire contents of the vCISO page and add their additional context and color.