Kybermittari, a tool developed by NSCS-FI, improves the ability of companies, organisations, and society at large to prevent cyber threats. Kybermittari is a concrete tool for managers of companies and organisations to better control cyber threats, offering a means to assess critical functions, processes, and dependencies.
Societal and organisational functions depend on digital services and systems. The digital operating environment is increasingly subject to cyber threats and disruptions, and interdependencies raise the risk of operational interruptions. Preparations call for cooperation between all parties and understanding across sector-specific boundaries. This also helps to safeguard Finland’s overall level of cybersecurity.
What is Kybermittari?
Kybermittari is a tool which helps corporate managers to visualise the maturity level of important operational cybersecurity capabilities per domain and objective. Kybermittari displays the level of cyber risk identification, protection, detection, response and recovery in organisations. It also visualises the maturity level related to the management of the supply chain and external dependencies. What is more, corporate managers can obtain valuable information about their preparations against cyber risks in comparison to the average level in their sector.
Kybermittari has been customised for companies and organisations operating in Finland, and it is based on international measurement models for cybersecurity capabilities. The national approach enables the even-handed benchmarking of companies and sectors and defines a shared language for the measurement and development of cybersecurity. The role of NCSC-FI is to support the continuity and long-term use of the tool and to create preconditions for sharing confidential information about best practices, recommendations, and reference results in cooperation with critical organisations.
In addition to NCSC-FI and the National Emergency Supply Agency, the development and piloting phase of Kybermittari has involved organisations, companies, specialists, and authorities within the scope of the critical infrastructure. Kybermittari is based on the international NIST Cybersecurity Framework and Cybersecurity Capability Maturity Model (C2M2).
NCSC-FI offers Kybermittari freely for companies, associations, and public organisations. It can also be used by commercial parties and the authorities. Material related to Kybermittari is published in Finnish, Swedish and English. The tool’s primary target group consists of companies which are critical in terms of the security of supply, while it is also suitable for evaluating the activities of companies, associations, and public organisations of all sizes, regardless of the sector.
Organisations can share the assessment results produced using Kybermittari voluntarily and confidentially with NCSC-FI. NCSC-FI can use the results confidentially to carry out its statutory tasks. It can also use the results to define anonymised reference and recommendation levels, which it can offer to organisations to support the use of Kybermittari and the development of cybersecurity. Reference and recommendation levels will be defined so that no conclusions concerning individual organisations or their assessment results can be drawn from them.