Shaping the Security of Tomorrow

Streamline your organization's cybersecurity risk management using industry best-practices without the need for complex tools!


Take the Guesswork Out of Risk Management

Somni is a powerful aid which can greatly enhance your organization's risk management practices. Industry-standard frameworks, such as NIST CSF, are tremendously advantageous – providing a set of guidelines for mitigating organizational cybersecurity risks, based on existing standards, guidelines, and practices – but what they often lack are actionable objectives. NIST CSF doesn't provide a predefined set of controls or dictate their direction; rather, it relies on you to determine and implement those components. Somni helps fill this gap, letting you ask granular questions which identify gaps and align to the NIST CSF to ensure adherence to industry best practices.

Think of Somni as the tactical planning for your strategy. Somni provides an accessible platform for executing your strategic cybersecurity program and prioritizing investment decisions, aligned with your business goals. You can gain confidence in your risk posture and streamline the risk management process, allowing you to be more proactive and resilient in your approach towards cybersecurity in your organization.


Frequently Asked Questions

How does it work?

The core of Somni is a series of comprehensive questions, categorized into various information security domains. These questions are presented in a spreadsheet for ease of use and tracking. Each question is meant to be simple and straightforward, so that anyone can answer it without being an expert. This means nearly all questions will have a binary answer: either "yes" or "no". Once you have recorded your answers, they will automatically be calculated in the spreadsheet, and a NIST CSF alignment score will be provided for each NIST CSF category on the summary page (scores will be presented from 0-5, with 5 being the highest alignment Somni can score).

What score should I target for each category?

The particular score you want to target for your program needs to be aligned with your program. In an ideal world, you would want 5 across the board, but it may not be reasonable or even desirable to do so in every environment. A good rule of thumb is to start by targeting a minimum score of 2, then raising your targets for specific areas where you want to invest for your program.

Does Somni work with my existing risk management process?

Absolutely! Somni provides a tactical process for evaluating posture. After answering all questions, you can easily use the answers to provide context for any other framework or process you are using. The Somni questionnaire itself should not be considered "evidence". Evidence should still be collected and stored separately. For the purpose of Somni, you won't strictly need this, but other requirements (e.g., SOX) may demand this.

Does this help with vendor management?

Somni is not a vendor questionnaire. It is not meant to be filled out by vendors and third parties, but you will need their input to answer some of these questions. The goal of Somni is to help you understand the posture for your data and systems responsibilities.

There are a lot of questions. Do I need to answer them all?

Even if you don't want to look at every piece of data and every asset in your organization, you will still be responsible for them. Recent regulatory changes and decisions are reinforcing the concept that organizations must be accountable for maintaining a reasonable baseline of security. Somni's core questions are meant to help identify responsibilities and opportunities for improvement, and as such you will only get the full value if you fill out all of the questions.

The good news is, you don't need to fill out everything immediately to get started! You can break up various domains and categories, delegating them to multiple stakeholders and over whatever window of time works for you. The point is to reduce the amount of uncertainty in your environment: the more you fill in, the less uncertainty you will have. And you can easily iterate on this process over time to improve it. Maybe start with a small goal, like 50 questions a week. Over six months, you can have a complete picture of your program.

Download Somni for Free!


(Alpha Version)