What policyholders can expect from the Corvus vCISO experience that enables quick prioritization of security improvements
In this article:
Once you’re insured by Corvus, it’s time to take steps to reduce your risk. By this point you should have received information about Corvus’s Risk + Response Services. These hands-on services provide great opportunities to enhance your security with the help of experts at Corvus and our partners.
But there’s a step you can take right away to help prioritize actions and improve security in just a few minutes: visit the Corvus vCISO Center.
What is the vCISO Center?
The Corvus vCISO Center is an area within your Policyholder Dashboard where you can explore, prioritize and fix gaps in your cybersecurity posture, plus level up your security with discounted offerings from preferred partners. (To access your Dashboard, you will receive an invite by email after your insurance policy is finalized.) The vCISO Center currently has three tabs:
- The Scan Results show your latest report from the Corvus Scan, our non-invasive IT security scan. This is the same scan that Corvus uses to help underwrite your policy. It locates and prioritizes vulnerabilities by looking at your IT system from the outside-in -- the way a hacker would. When you first access your Dashboard, this section will already be complete — no action required. The information is updated monthly, at minimum.
- The Security Questionnaire covers the security policies and programs at your organization through the answers to questions provided by you or someone at your organization. This is the “inside-out” view to the Corvus Scan’s outside-in view.
- The Action Center is where the above sources of information are brought together into a single, prioritized list of IT security recommendations. In addition to recommended actions, we’ll include our recommendations for which free or reduced-cost services from Corvus will be most helpful for your organization.
Overview of Scan Results
We recommend starting by reviewing your Scan Results tab, found on the left-hand side navigation. This tab's report will be pre-filled, since we run a Corvus Scan on all policyholders on a regular basis. We recommend that you revisit this tab in the future to see if any information has changed as your IT system evolves over time.
💡 Tip: Many Corvus Policyholders set a recurring reminder on their calendar to check in on their Scan Results once a month to keep tabs on their security posture throughout the year.
At the top you'll see an overview with quantitative scores, and below that each of the sections can be expanded to reveal the specific findings of the scan. This may be helpful for reference later as you work to remediate any issues prioritized in the Action Center, but otherwise no actions are required on this page.
Once you've reviewed your Scan Results, click over to the Security Questionnaire.
Overview of Security Questionnaire
The Security Questionnaire is critical to getting the most from the vCISO Center. This is where we gather information about the policies and programs in place at your organization. This information is then combined with the Scan Results to form the optimal priority of personalized recommendations the Action Center (discussed in the next section).
Landing on the Questionnaire home page, you’ll see two options: Security Essentials and Security Advanced.
This quick, five-minute module covers basic aspects of security, and can be filled out either by a member of your IT department or anyone with a solid understanding of your organization’s IT. The questions cover categories like Email Security, Data Backup and Recovery, Privileged Account Management and Endpoint and Network Security. Most are simple “select all that apply” questions. You may leave any of these questions blank if you don’t know the answer, but keep in mind that any we are not able to analyze may result in the Action Center results remaining incomplete.
This module within the Security Questionnaire requires a more advanced understanding of your organization’s IT. It covers most of the same categories as the Security Essentials module, but drills in deeper with Yes/No questions regarding more specific aspects of security within each category. This is why we recommend adding a member of your IT department’s leadership team to the Corvus Policyholder Dashboard as part of your setup process. Filling out the Advanced module will enable the most complete set of recommendations in the Action Center.
A sample of the questions in the Security Advanced module of the Questionnaire
The Action Center is where the rubber meets the road in your vCISO experience. Information from your Corvus Scan results are combined with the answers given in the Security Questionnaire, leading to a complete picture of security and prioritized recommendations.
If you’ve not yet completed any portion of the Security Questionnaire, you’ll only see Action Cards pertaining to risks discovered in the Corvus Scan. (You may see none -- even if your numerical scores aren't perfect, there may be no actions with a high enough impact rating to be included in the Action Center). Once you complete at least one module of the Questionnaire, you’ll see Action cards that result from the answers you've given, with the most critical at the top of the list.
Each of these Action Cards can be expanded to reveal details about the issue discovered, with explanation from our Security Team. Once you complete the Actions described in the Action Card, select “Yes” to move that card to the “Completed” section.
An example of an Action Card expanded to show detail and buttons
Your Action Cards will be updated each time we refresh your Corvus Scan report (monthly, at minimum) to include any newly discovered issues. We also recommend revisiting the Security Questionnaire once per year to account for any changes that have taken place in your IT system.
💡Tip: When you use the button to move an Action Card to "Completed," this selection will also flow back to the relevant part of the Security Questionnaire. That way, when you revisit the security questionnaire in the future, it will include your most recent selections.
If you need help in understanding either the questions or the recommendations, help is always available through your Dashboard, or by emailing firstname.lastname@example.org.
By using the vCISO Center’s resources you’ll also be ready to utilize one of Corvus’s most popular Risk & Response services: a call to discuss your cybersecurity recommendations. A Corvus security expert will walk you through the entire contents of the vCISO page and add their additional context and color.