
Security Assurance Levels calculator

https://salculator.herokuapp.com

 

Security Control selection criteria are often driven by InfoSec or Compliance requirements. That seems good, right? Until business leadership must be convinced to purchase costly tools, or support a restrictive process. We all know how difficult that can be. But why is that? Current approaches and facilitative tools may not include business stakeholders. This often results in a control set that doesn’t consider the business need for the IT systems and the services these systems provide. This is where the trouble begins. Involving business stakeholders earlier in the prioritization & selection process is a step towards mitigating that disconnect. The DHS CSET is a good example of a free tool that helps with prioritization, but it still does not focus on business need. Plus, there may be some hesitation to download it into your environment. Two CISSPs - both US Military Veterans & one also happens to be a full stack developer – decided (initially as a hobby project) to develop a simple (cloud hosted) tool introducing the concept; intending to provoke additional thought in this area.
3 Replies
Contributor II

Re: Security Assurance Levels calculator

Who are the CISSPs?


---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
Community Champion

Re: Security Assurance Levels calculator


@ericgeater wrote:

Who are the CISSPs?



I looked at the linked site and read the FAQ on that site. I do not mean to accuse either Bruce or the two "honorable US military veterans" of anything untoward, but I must say the minimal information available and the lack of transparency on the site, along with the implied sort of questions users of the SALculator will answer about their organizations make me think the site would be a useful tool for gathering business intelligence and cybersec vulnerability clues on the participating organizations.

 

Interesting that Herokuapp.com is an app development environment site, with the domain owned by Salesforce.

 

Craig

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
Not Passing a Cert Exam is Not the Same as Failing: https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html
Community Champion

Re: Security Assurance Levels calculator

Where is the backend?  In the cloud, USA?  China?  How is the data being collected and protected?   Do they adhere to GDPR, CCPA and other regulatory requirements? 

 

Regards

 

Caute_cautim