https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/30016#M1961 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/136236425">@ericgeater</a>&nbsp;wrote:<BR /><P>Who are the CISSPs?</P><BLOCKQUOTE><HR /></BLOCKQUOTE><HR /></BLOCKQUOTE><P>I looked at the linked site and read the FAQ on that site. I do not mean to accuse either Bruce or the two "honorable US military veterans"&nbsp; of anything untoward, but I must say the minimal information available and the lack of transparency on the site, along with the implied sort of questions users of the SALculator will answer about their organizations make me think the site would be a useful tool for gathering business intelligence and cybersec vulnerability clues on the participating organizations.</P><P>&nbsp;</P><P>Interesting that <A href="https://www.heroku.com/" target="_blank" rel="noopener">Herokuapp.com</A> is a an app development environment site, with the domain <A href="https://www.whois.com/whois/herokuapp.com" target="_blank" rel="noopener">owned by Salesforce</A>.&nbsp;</P><P>&nbsp;</P><P>Craig</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 19 Nov 2019 18:17:18 GMT CraginS 2019-11-19T18:17:18Z https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/29751#M1938 <P><A href="https://salculator.herokuapp.com" target="_blank" rel="noopener">https://salculator.herokuapp.com</A></P><P>&nbsp;</P><DIV><DIV class="qQVYZb"><SPAN>Security Control election criteria are often driven by InfoSec or Compliance requirements. That seems good, right? Until business leadership must be convinced to purchase costly tools, or support a restrictive process. We all know how difficult that can be. But why is that? Current approaches and facilitative tools may not include business stakeholders. This often results in a control set that doesn’t consider the business need for the IT systems and the services these systems provide. This is where the trouble begins. Involving business stakeholders earlier in the prioritization &amp; selection process is a step towards mitigating that disconnect. The DHS CSET is a good example of a free tool that helps with prioritization, but it still does not focus on business need. Plus, there may be some hesitation to download it into your environment. Two CISSPs - both US Military Veterans &amp; one also happens to be a full stack developer – decided (initially as a hobby project) to develop a simple (cloud hosted) tool introducing the concept; intending to provoke additional thought in this area.</SPAN></DIV><DIV class="utdU2e">&nbsp;</DIV><DIV class="btm">&nbsp;</DIV></DIV><DIV class=""><DIV class="aHl">&nbsp;</DIV><DIV>&nbsp;</DIV><DIV class="ii gt"><DIV class="a3s aXjCH "><DIV>&nbsp;</DIV></DIV></DIV></DIV> Fri, 08 Nov 2019 23:27:36 GMT https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/29751#M1938 bcb13 2019-11-08T23:27:36Z https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/29971#M1960 <P>Who are the CISSPs?</P><BLOCKQUOTE><HR /></BLOCKQUOTE> Mon, 18 Nov 2019 19:32:10 GMT https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/29971#M1960 ericgeater 2019-11-18T19:32:10Z https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/30016#M1961 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/136236425">@ericgeater</a>&nbsp;wrote:<BR /><P>Who are the CISSPs?</P><BLOCKQUOTE><HR /></BLOCKQUOTE><HR /></BLOCKQUOTE><P>I looked at the linked site and read the FAQ on that site. I do not mean to accuse either Bruce or the two "honorable US military veterans"&nbsp; of anything untoward, but I must say the minimal information available and the lack of transparency on the site, along with the implied sort of questions users of the SALculator will answer about their organizations make me think the site would be a useful tool for gathering business intelligence and cybersec vulnerability clues on the participating organizations.</P><P>&nbsp;</P><P>Interesting that <A href="https://www.heroku.com/" target="_blank" rel="noopener">Herokuapp.com</A> is a an app development environment site, with the domain <A href="https://www.whois.com/whois/herokuapp.com" target="_blank" rel="noopener">owned by Salesforce</A>.&nbsp;</P><P>&nbsp;</P><P>Craig</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 19 Nov 2019 18:17:18 GMT https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/30016#M1961 CraginS 2019-11-19T18:17:18Z https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/30164#M1962 <P>Where is the backend?&nbsp; In the cloud, USA?&nbsp; China?&nbsp; How is the data being collected and protected?&nbsp;&nbsp; Do they adhere to GDPR, CCPA and other regulatory requirements?&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Mon, 25 Nov 2019 19:52:27 GMT https://community.isc2.org/t5/Tech-Talk/Security-Assurance-Levels-calculator/m-p/30164#M1962 Caute_cautim 2019-11-25T19:52:27Z