How's My Cyber

A framework-independent cybersecurity operating model

IDIA organises every cybersecurity control into four clear pillars — Identity, Data, Infrastructure, and Assurance — so organisations of any size can measure, manage, and improve their security posture without being locked into a single compliance standard.

Start Free AssessmentView Pricing
Maps toISO 27001NIST CSFCIS Controls v8Essential EightPCI DSSSOC 2SMB1001

Four Pillars. Complete Coverage.

IDIA is not a replacement for compliance frameworks. It is the operating layer underneath them. When you improve your IDIA posture, your alignment to every mapped standard improves automatically.

I

Identity

Know who has access and control it.

Identity controls ensure that only the right people can access the right resources at the right time. This covers authentication, authorisation, and the full lifecycle of user accounts.

  • Unique accounts for every user
  • Multi-factor authentication (MFA)
  • Privileged access management (PAM)
  • Regular access reviews
D

Data

Protect information at rest, in transit, and in use.

Data controls safeguard the information your organisation creates, processes, stores, and transmits. From classification to secure disposal, these controls ensure data confidentiality, integrity, and availability.

  • Data classification and labelling
  • Encryption at rest and in transit
  • Data loss prevention (DLP)
  • Backup and recovery
IN

Infrastructure

Secure the systems, networks, and endpoints that run your business.

Infrastructure controls protect the technology environment — servers, endpoints, networks, cloud services, email systems, business applications, and hardware — that your organisation depends on every day.

  • Patch management
  • Firewalls and network segmentation
  • Endpoint protection
  • Email security and filtering
A

Assurance

Govern, measure, and continuously improve your security programme.

Assurance controls cover the governance, risk management, and continuous improvement activities that keep your security programme effective and aligned with business objectives.

  • Security policies and standards
  • Risk management processes
  • Security awareness training
  • Incident response planning

Progress at Your Own Pace

Three maturity levels let you start where you are and grow at a pace that suits your organisation.

1

Foundational

Essential controls that every organisation should have in place. These address the most common attack vectors and provide a baseline security posture.

2

Enhanced

Intermediate controls that strengthen your defences and introduce proactive monitoring, formal processes, and broader coverage across the organisation.

3

Advanced

Mature controls for organisations with complex environments. Includes advanced threat detection, continuous improvement, and enterprise-grade governance.

Everything You Need to Run Cybersecurity

From quick assessments to AI-powered operations. One platform, complete visibility.

CYBER9 Quick Assessment

Nine questions. Instant cybersecurity score. Free forever.

Full IDIA Assessment

106 controls across 4 pillars at 3 maturity levels. Know exactly where you stand.

Risk Register & Strategy

70 risks linked to controls. AI-generated remediation plans. Track progress to maturity.

PhishSee Email Analysis

AI-powered 10-check phishing analysis. Submit suspicious emails, get instant verdicts.

Threat Intelligence

Curated feeds scored for your industry. Advisories enriched with your control context.

Control Monitoring

DMARC, DNS, certificates, asset discovery. Continuous verification your controls are working.

Your Data Security Is Non-Negotiable

As a security platform, we hold ourselves to the highest standards. Here's how we protect your data.

Encryption at Rest & In Transit

All data encrypted with AES-256 at rest and TLS 1.3 in transit. No exceptions.

AI Data Privacy

Your data is never used to train AI models. All LLM calls are stateless and tenant-isolated.

Automatic Data Hygiene

Sensitive analysis data automatically purged or masked after 90 days. You control retention.

Encrypted Document Storage

Uploaded evidence, policies, and attachments are encrypted at rest with per-tenant keys.

Tenant Segregation

Row-level security enforces complete data isolation. Tenant A can never see Tenant B's data.

MFA & Role-Based Access

Multi-factor authentication enforced for all accounts. 10 granular roles with least-privilege access.

Why IDIA?

Framework-independent — maps to ISO 27001, NIST CSF, CIS, Essential Eight, PCI DSS, SOC 2, and SMB1001 without depending on any of them

Maturity-based — three levels (Foundational, Enhanced, Advanced) let you progress at your own pace

Risk-linked — every control gap traces through operational risks to board-level business impacts

Actionable — each gap produces a concrete remediation pathway, not just a finding

Ready to Know How Your Cyber Is?

Start with a free CYBER9 assessment. Nine questions, instant score, no credit card required.

Get Started Free