Assess the completeness of your technical security landscape and how it compares to market best practices.
A new tool in the battle for information security!
TISLA is a tool to assess the completeness of your technical information security landscape, containing a 350+ question survey based on market best practices. The tool is built in Microsoft® Excel and can be downloaded from this site. Use of the assessment is free of charge, but please take note of the licensing terms.
At the moment the TISLA tool leans a bit towards on-prem and IaaS environments. In the near future more security solutions for PaaS or full SaaS cloud solutions will be added.
The assessment is divided into 6 main categories in which security techniques are logically grouped. Of course, you do not want everyone who fills in the questionnaire to immediately know what the total score is. That is why a separate Excel file has been created for each main group, which can be issued to the subject matter experts for completion. The completed lists can then be easily imported into the tool. Below you’ll find the six main areas with their respective technologies.
Web Application Firewall, Secure Software Development, Privacy by Design
NextGen DNS, NextGen Firewall, (Reverse) Proxy, Vulnerability Management
Intrusion Detection, Intrusion Prevention, Active Response, Deception Technology, Security Logging Monitoring
Network Access Control, Identity & Access Management, Privileged Access Management
Antivirus & Malware Protection, Mobile Device Management, Email Security, Patch Management, Other EndPoint Security
Data Loss Prevention, Backup & Recovery, Encryption
Besides these 6 main areas/categories there is a seventh category containing some questions that didn’t fit in the above six but can still be considered important for your infrastructure security.
Everything in the tool is related to risk. You can do this assessment for your entire ICT environment. The condition for doing so is that you enter the risk value of the system holding your most sensitive and/or critical data, because most of the time the entire infrastructure must be able to protect this data.
The tool gives you complete freedom to set your company’s risk level, so it is entirely up to you to use this in a responsible way. The company risk is used to estimate the risk present in your technical infrastructure security landscape. It also provides an indicator of how urgently action for improvement is needed. This is a “free” interpretation by the makers of the tool, based on experience in the information security world.
Each of the six areas contains questionnaires about the technologies / equipment belonging to that category. In 95% of the cases the questions are “YES / NO / DON’T KNOW” questions. Questions answered with “don’t know” yield a small penalty, subtracting points from the result, because you ought to know what your infrastructure can or cannot do. If you don’t know, Google it and you might learn something.
A very small portion of the questions are % questions where you have to enter your best estimate to complete the question. The questions can easily be answered by clicking selectors.
Not only did we want to make something new, we also had to make sure the tool is secure in both gathering the information and limiting the sharing of the result. Most CISOs will need their subject matter specialists to complete the questionnaires without them seeing / knowing the overall result. That’s why there are separate Microsoft® Excel files for each of the six main categories. They can be sent to the experts and easily imported after they are completed. So only you will see the overall result.
TISLA can be used to keep continuous improvement going. It can be part of the PDCA (Plan Do Check Act) cycle to create a continuous loop of improvement. Just incorporate periodic TISLA assessments in your existing ISMS (Information Security Management System) and you will have a permanent way to keep your technical information security landscape up to date and at the highest level necessary for your environment.
The TISLA tool is built and maintained by a group of security enthusiasts. It is our goal to update the contents and questions at least once a year to keep up with market developments. You can join the team by joining the TISLA workspace on Slack: https://tisla.slack.com
We need you and your expertise to optimise this tool and to keep up with market development. So please feel free to join the team.
The TISLA team and website depend fully on volunteers, but maintaining this site and everything that comes with it isn’t free. If you like what we do, please support us and buy us a cup of coffee on https://www.buymeacoffee.com/tislatoolorg or click the button in the footer of this page.