Role playbook · CISO
CISO
CISO and direct reports (head of SOC, head of GRC).
Audience: Security leadership
Time to first value: end of week 2
Why CyViation matters in your role
You already own enterprise IT risk. CyViation adds the airborne and ground-operations layer with the same governance language — risk register, KPIs, approval workflows, audit trail:
- A fleet-wide risk score with trend, drilldown to tail and to Overwatch campaign.
- Approval workflows for out-of-cycle patches, risk acceptances and policy changes.
- Reporting mapped to SOC 2, ISO 27001, NIST CSF and EASA Part-IS.
Daily playbook
- Glance at the fleet risk score and any unacknowledged critical alerts — 60 seconds, mobile is fine. [SkyRay → Executive Dashboard]
- Review escalations from SOC and MRO; unblock anything waiting on you.
- Approve out-of-cycle patches or risk acceptances — one click + a reason, not a long ticket dance.
Weekly playbook
- Review fleet-wide risk posture vs. last week — trend matters more than the absolute number. [SkyRay → Risk Posture]
- Sign off on the weekly threat brief before it reaches flight ops and the board readout.
- Review compliance / audit readiness — open findings, control evidence, anything aging.
- Sync with COO / Head of Ops on decisions where security and availability trade off.
- Sync with the CyViation TAM if anything is off-trend.
First 30 days
- Risk thresholds and approval policies configured (who approves what, at what severity)
- Top 5 KPIs picked and visible on the Executive Dashboard
- Conducted one tabletop spanning SOC, MRO, dispatcher and flight ops
- Established reporting cadence to board and regulators, with sample artefacts
- Approved at least one out-of-cycle patch and one risk acceptance, end-to-end with audit trail
- Walked through Admin UI access policies; confirmed least-privilege for one customer scope
- Met your CyViation TAM; named a single point of contact on each side
KPIs worth tracking from day one: time-to-acknowledge for critical alerts · patch SLA compliance (critical 7d / high 30d, adjust to contract) · open risk acceptances & aging · coverage (% tails with current SBOM & scan) · mean time-to-decide for escalations.
Key screens
| Use case | Screen |
|---|---|
| Daily glance | [SkyRay → Executive Dashboard] |
| Fleet risk posture, trend, drilldown | Regulation & Risk · [SkyRay → Risk Posture] |
| Strategic campaign / actor view | [Overwatch → Campaign View] |
| User & customer scope management | [Admin UI → Customer & User Management] |
| Approvals queue | [SkyRay → Approvals] |
Escalation flow
| Situation | Direction | How |
|---|---|---|
| Risk score breached your threshold | SOC → CISO | Automatic; already on your dashboard |
| Patch backlog past SLA | MRO → CISO | Weekly review, plus immediate ping for critical breaches |
| Material event with disclosure implications | CISO → board / regulator | Pre-agreed template — don't draft under pressure |
| Customer-scope policy change | Customer success → CISO | Approval flow in Admin UI, never email-only |
Glossary
Full list on the Glossary page. Key terms here: risk acceptance, out-of-cycle patch, customer scope, EASA Part-IS, tabletop.