Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bcb13
Viewer
‎11-08-2019 06:27 PM
‎11-08-2019 06:27 PM

Security Assurance Levels calculator

https://salculator.herokuapp.com

 

Security Control election criteria are often driven by InfoSec or Compliance requirements. That seems good, right? Until business leadership must be convinced to purchase costly tools, or support a restrictive process. We all know how difficult that can be. But why is that? Current approaches and facilitative tools may not include business stakeholders. This often results in a control set that doesn’t consider the business need for the IT systems and the services these systems provide. This is where the trouble begins. Involving business stakeholders earlier in the prioritization & selection process is a step towards mitigating that disconnect. The DHS CSET is a good example of a free tool that helps with prioritization, but it still does not focus on business need. Plus, there may be some hesitation to download it into your environment. Two CISSPs - both US Military Veterans & one also happens to be a full stack developer – decided (initially as a hobby project) to develop a simple (cloud hosted) tool introducing the concept; intending to provoke additional thought in this area.
 
 
 
 
 
Reply
0 Kudos
3 Replies
ericgeater
Community Champion
‎11-18-2019 02:32 PM
‎11-18-2019 02:32 PM

Who are the CISSPs?

-----------
A claim is as good as its veracity.
Reply
0 Kudos
CraginS
Defender I
‎11-19-2019 01:16 PM
‎11-19-2019 01:16 PM

@ericgeater wrote:

Who are the CISSPs?

I looked at the linked site and read the FAQ on that site. I do not mean to accuse either Bruce or the two "honorable US military veterans"  of anything untoward, but I must say the minimal information available and the lack of transparency on the site, along with the implied sort of questions users of the SALculator will answer about their organizations make me think the site would be a useful tool for gathering business intelligence and cybersec vulnerability clues on the participating organizations.

 

Interesting that Herokuapp.com is a an app development environment site, with the domain owned by Salesforce

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Reply
0 Kudos
Caute_cautim
Community Champion
‎11-25-2019 02:52 PM
‎11-25-2019 02:52 PM

Where is the backend?  In the cloud, USA?  China?  How is the data being collected and protected?   Do they adhere to GDPR, CCPA and other regulatory requirements? 

 

Regards

 

Caute_cautim

Reply