Yashi

RISQ™


The Client

The client, Network Armor, provides proven military-grade Information Security (InfoSec) services to enterprise-class commercial businesses, not-for-profit associations, educational institutions, and government agencies.

As a full-service Information Security consulting firm, they supply the personnel and equipment you need to take proactive, not reactive, approaches to network security. For more information about the client, visit www.networkarmor.com.

The Need

The purpose of the system is to reduce a time-consuming in-person interview process. This will allow the client to get results quicker during an assessment process, more thoroughly analyze the data, reduce paper waste, and provide more consistent and complete documentation. The client also benefits from this application, which allows them to participate in the assessment process while lessening the impact on their busy work schedules.

The Product Overview

The application is to be a secure web-based questionnaire and reporting system. By answering the questions, users of an organization will be identifying their current security posture and establishing a security baseline to measure progress over time. The user will be required to select checkboxes that indicate the level of compliance within their organization with each specific question. The questions are to be based on industry standards used in information security, specifically NIST SP 800-26, ISO 17799/BS 7799, SOX, and HIPAA. The questionnaire will be divided into multiple sections covering the control topics prescribed in these industry standards.

Features & Benefits

  • Administration interface for application configuration and user administration
  • Secure identification and authentication of web credentials to log in to the application (administrators/users)
  • Ability to export and import project data from the database (would allow for industry trending analysis by the client).
  • The questionnaire is made up of modules for each standard (NIST, ISO, SOX, HIPAA, etc.).
  • Mechanism for question reuse: for example, if a question applies to NIST and ISO, it could be defined to appear in either module.
  • Questionnaire module architecture allows for dynamic creation and customization.
  • Each question has a mathematical equation that determines its score.
  • Computation of section score based on all questions in the section.
  • Reporting functionality