Compliance
The Compliance section stores documentation related to procedural guides (RAMP and CIRP), generates Board and CyberGov reports, and houses your organization’s charter and cybersecurity policy based on your assigned Threat Profile.
Governance Reporting
Section titled “Governance Reporting”Governance reporting lets you generate presentation decks for leadership audiences. Reports are exported as editable PPTX files. The Report Type dropdown controls which format is generated:
- Board Deck — A condensed summary intended for board-level reporting. Includes Sev1 and Sev2 incidents in summary form.
- CyberGov — A longer format with additional slides covering risks at high and critical urgency, plus detailed appendix slides for Sev1, Sev2, and Sev3 incidents.
The Report Name field is editable. Whatever you enter will appear on the generated deck.
Slide Composition
Section titled “Slide Composition”Both report types share a common set of slides. The CyberGov report adds detail tables for risks and incidents.
| Slide | Board Deck | CyberGov |
|---|---|---|
| Title | Yes | Yes |
| Executive Summary | Yes | Yes |
| Threat Profile | Yes | Yes |
| Risk Overview | Yes | Yes |
| Risk Details (table) | — | Yes |
| Incident Overview | Yes | Yes |
| Incident Details (table) | — | Yes |
| Compliance | Yes | Yes |
Threat Profile slide
Section titled “Threat Profile slide”The Threat Profile slide renders your organization’s threat profile heat map. If a threat objective’s score changed during the reporting period, an arrow shows the movement from the previous position to the current one. Objectives that did not change during the period show only the current position.
Detail tables (CyberGov only)
Section titled “Detail tables (CyberGov only)”The CyberGov report includes paginated detail tables for risks and incidents within the reporting period. Each row includes a clickable ID that links back to the item in the platform. Risk tables show title, status, urgency, source, type, discovered date, expected date, due date, and closed date. Incident tables show title, status, severity, source, detected date, occurred date, responded date, and contained date.
Executive Summary
Section titled “Executive Summary”The executive summary is generated by AI. It takes threat profile data, risk metadata, and incident metadata from the reporting period and produces narrative summaries for threats, risks, incidents, and compliance. See AI Features for details on how AI is used in governance reporting.
Report Period Coverage
Section titled “Report Period Coverage”Both report types are scoped to a reporting period. The period determines which risks and incidents appear in the generated deck.
Risks included if they were:
- Discovered during the period
- Overdue during the period (due on or before the period end, and either still open or closed during/after the period)
- Closed during the period
Incidents included if they were:
- Detected during the period
- Occurred during the period
- Contained during the period
- Ongoing during the period (detected or occurred before the period, not yet contained)
Threat Profile scores are filtered to changes made on or before the period end. Movement arrows appear only when the most recent score change falls within the reporting period.
Procedural Guides
Section titled “Procedural Guides”Adversarial includes two procedural guides:
- CIRP (Cyber Incident Response Procedure) — Governs how your organization responds to incidents.
- RAMP (Risk Assessment Management Procedure) — Governs how your organization assesses and manages risks.
Policies
Section titled “Policies”Adversarial generates a set of cybersecurity policies based on your established Threat Profile. The generated policies reflect the risk posture defined by your threat objective scores.
Gap Analysis
Section titled “Gap Analysis”Compare the generated policies against your organization’s existing policy set to identify areas where language should be scaled up or down. To perform a gap analysis:
- Review the generated policies alongside your current documentation.
- Identify sections where the generated language is stronger or weaker than what you have in place.
- For any reductions, the rationale should be evident from your Threat Profile scoring.
Previewing Policy Variations
Section titled “Previewing Policy Variations”Adjust the sliders in each policy section to preview more conservative or more aggressive policy choices. This lets you see why certain language was or was not suggested — the connection between slider position and policy text makes the reasoning behind each recommendation transparent.
Charter
Section titled “Charter”The CyberGov Charter is a 1-page document for the Cybersecurity and Privacy Governance Committee. It serves two purposes:
- Briefing document — Introduces participants to the purpose and scope of the governance committee.
- Evidence artifact — Provides documentation for third-party reviews and regulatory audits.
Customizing Attendee Roles
Section titled “Customizing Attendee Roles”Adversarial provides a default set of attendee roles commonly seen across organizations. You should:
- Remove roles that do not exist at your organization.
- Add key individuals who perform decision-making duties or fill the responsibilities of removed titles.
For details on meeting cadence and the initial CyberGov meeting, see CyberGov.