
Whistic’s Security Risk Assessment Platform Aligned to the CIS Controls

Whistic, located in the Silicon Slopes of Utah, offers a cloud-based Vendor Risk Management platform that enables companies to gain visibility into who they are sharing data with, what kind of data they are sharing, and whether vendors are actually prepared to be good stewards of that data. We spoke with Nick Sorensen, CEO of Whistic, who helps enhance the ability of organizations to improve their internal security posture and assess the security risks of their third parties as cyber threats continue to increase. He stated, “The CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. Our ability to offer the CIS Controls as a questionnaire in a collaborative, online user experience will benefit our customers and their vendors as they seamlessly complete and securely share their responses.”

CIS Controls

A key challenge for many companies is assessing the risk of third-party partners. Often this can be a time-consuming process. Whistic makes vendor risk assessments easy to complete, review and manage.  Whistic’s dashboard provides data about the vendor assessment consisting of scoring, vendor assessment turnaround time, vendor assessments in process, and questions that are assigned to others.

To assess a vendor using the Whistic platform, you simply gather the vendor information from your business stakeholders using a customized vendor intake form and then trigger an invitation to the vendor to complete the assessment using the CIS Controls. Upon receipt, the vendor will open the request, which will take them directly to the CIS Controls Assessment. The vendor will navigate through the 20 controls answering yes, no, or NA. A comments section, supporting documents, and tracking log are also included. A Control can be assigned to team members, generating an email and due date. Upon completion of the assessment, a report is generated and the assessment scored. The scoring is based on Whistic’s proprietary CrowdConfidence™ scoring algorithm developed through extensive research with cyber security professionals.

After the vendor is added to the Vendor Catalog, you can search by vendor and service/product.  You are able to track the real-time vendor assessment progress along with scoring, need for the assessment, business unit requesting the assessment, vendor status and other applicable information. By drilling down into the vendor record detail, you can view the assessment, results, document repository, vendor address and contacts, data the vendor has access to, systems the vendor integrates with, and notes generated during previous assessments or vendor interactions.

About their Products and Services

Serving information security teams in the United States and Europe, the Whistic security assessment platform simplifies the end-to-end assessment process and delivers visibility into third-party security risk that has historically been trapped in static questionnaires. Whistic simplifies and automates the sending, receiving and scoring of security profiles against the CIS Controls and widely adopted standards at scale as a part of the growing trend toward greater scrutiny of third-party vendor security. Whistic’s partnership with CIS, as well as its support of other leading standards and widely accepted frameworks, reinforces the company’s focus on enhancing the tools that companies already trust in order to understand the security posture of their third-party relationships. Their onboarding and client success teams will help you proactively identify, anticipate and prevent risks through discovery, remediation, and ongoing guidance.  Their advanced, patent-pending CrowdConfidence™ risk scoring algorithm delivers an automatically prioritized list of which risk to mitigate first in real-time using updated assessments.

About Whistic

Located in the heart of the Silicon Slopes in Utah, Whistic is a leading third-party security assessment platform. Built for information security teams looking to improve the effectiveness, efficiency, and scope of their third-party security assessment program, Whistic enhances productivity and unlocks insights traditionally trapped in static security questionnaires. Using the platform’s intelligent and automated recurring assessments, Whistic customers eliminate the administrative burdens of back-and-forth third-party requests and free up time to focus on security. The Whistic platform is designed for an intuitive and collaborative user experience and harnesses the wisdom of hundreds of security professionals to deliver risk insights through its proprietary CrowdConfidence™ scoring algorithm.  For more information, visit https://www.whistic.com, read the latest on the Whistic blog or follow Whistic on Twitter @Whistic_inc