bcb13
Viewer

Security Assurance Levels calculator

https://salculator.herokuapp.com

 

Security Control selection criteria are often driven by InfoSec or Compliance requirements. That seems good, right? Until business leadership must be convinced to purchase costly tools, or support a restrictive process. We all know how difficult that can be. But why is that? Current approaches and facilitative tools may not include business stakeholders. This often results in a control set that doesn’t consider the business need for the IT systems and the services these systems provide. This is where the trouble begins. Involving business stakeholders earlier in the prioritization & selection process is a step towards mitigating that disconnect. The DHS CSET is a good example of a free tool that helps with prioritization, but it still does not focus on business need. Plus, there may be some hesitation to download it into your environment. Two CISSPs - both US Military Veterans & one also happens to be a full stack developer - decided (initially as a hobby project) to develop a simple (cloud hosted) tool introducing the concept, intending to provoke additional thought in this area.
 
 
 
 
 
3 Replies
ericgeater
Community Champion

Who are the CISSPs?


--
"A claim is as good as its veracity."
CraginS
Defender I


@ericgeater wrote:

Who are the CISSPs?



I looked at the linked site and read the FAQ on that site. I do not mean to accuse either Bruce or the two "honorable US military veterans" of anything untoward, but I must say the minimal information available and the lack of transparency on the site, along with the implied sort of questions users of the SALculator will answer about their organizations, make me think the site would be a useful tool for gathering business intelligence and cybersec vulnerability clues on the participating organizations.

 

Interesting that Herokuapp.com is an app development environment site, with the domain owned by Salesforce.

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Caute_cautim
Community Champion

Where is the backend?  In the cloud, USA?  China?  How is the data being collected and protected?   Do they adhere to GDPR, CCPA and other regulatory requirements? 

 

Regards

 

Caute_cautim