Cognitum developed a tool that encodes the knowledge of cyber-security experts. It allows customers to perform guided cyber-security health checks, and once it is completed, the detailed report (diagnosis) is generated helping the customer to understand the current state of the company’s cybersecurity maturity level and highlight the weak points. The estimation of the potential cost of the problem is also provided.
This responsive application contained a shortened version of the company’s cybersecurity maturity questionnaire with a smaller number of questions about the state of the security system of the interviewee’s company (in the full version there are hundreds of them and it would have taken about 3-4 hours to answer).
While developing the application, we have collaborated closely with the customer’s company specialists to compile a list of the best questions assessing a company’s cybersecurity maturity, like status of their internal Policies, infrastructure and data security. Answers could be single or multichoice. We assigned questions and answers with different scores depending on the importance of the item.
We have used our open source library CogniPy in order to encode the cybersecurity assessment questionnaire knowledge and logic. The system of questions was a virtual tree, and depending on the provided answers, the subsequent questions were inferred – thus each assessment run could contain a bit different set of questions, well-fitted to the interviewee situation..
The system analyzed the answers and assessed the cybersecurity maturity of the interviewee organization. Moreover, it issued a ranking of recommended actions for detected risks mitigation. The interviewee could specify, using sliders, which risk categories are most dangerous for their business and should be mitigated in the first place, which was rearranging the ranking of recommendations. The client could also click on a recommendation and check how the organization’s score could improve if it was applied.
We handed over the application on time and it was used during the big conference event, where visitors were assessing their organization’s cybersecurity maturity on tablets. It helped our client to collect high-quality leads for their business.