Rationale

SentiCon Security edited this page Aug 29, 2024 · 2 revisions

The original version of this tool was developed in 2014 to address what I felt was a significant deficiency in the original CSF model - that it presumed that day-to-day practices and written policies aligned. With very few exceptions, every enterprise I have consulted for or worked in has had a difference between how the policies, technical standards, and procedures said things were done, and how they were actually done in practice day-to-day.

I developed this tool to help me, as a CISO, understand where the weaknesses were in my organization and to better focus on those areas that could cause issues.

I have since used this tool in very large, complex enterprises and SMBs just trying to understand where they are in their cyber journey - and everywhere in between.
