-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathsecurity_assessment_tool.html
More file actions
1033 lines (965 loc) · 55.5 KB
/
Copy pathsecurity_assessment_tool.html
File metadata and controls
1033 lines (965 loc) · 55.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Enterprise Security Assessment Tool with AI Scoring</title>
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="container">
<div class="header">
<h1>Enterprise Security Assessment Tool with AI Scoring</h1>
<p>Comprehensive security maturity assessment across 15 organizational factors plus AI adoption evaluation
based on L0-L4 framework</p>
<button id="darkModeToggle" class="btn btn-secondary" style="position: absolute; top: 20px; right: 20px;"
onclick="toggleDarkMode()">
🌙 Dark Mode
</button>
</div>
<div class="progress-bar">
<div class="progress-fill" id="progressFill"></div>
</div>
<div class="nav-tabs">
<button class="nav-tab active" onclick="showTab('company')">Company Info</button>
<button class="nav-tab" onclick="showTab('tools')">Security Tools</button>
<button class="nav-tab" onclick="showTab('assessment')">Assessment</button>
<button class="nav-tab" onclick="showTab('ai-assessment')">AI Assessment</button>
<button class="nav-tab" onclick="showTab('results')">Results</button>
</div>
<!-- Company Information Tab -->
<div id="company" class="tab-content active">
<h2>Company Information</h2>
<p>Please provide basic information about your organization to customize the assessment.</p>
<div class="form-row">
<div class="form-group">
<label for="companyName">Company Name</label>
<input type="text" id="companyName" placeholder="Enter company name">
</div>
<div class="form-group">
<label for="companySize">Company Size (Employees)</label>
<select id="companySize">
<option value="">Select size range</option>
<option value="1-50">1-50 employees</option>
<option value="51-200">51-200 employees</option>
<option value="201-1000">201-1,000 employees</option>
<option value="1001-5000">1,001-5,000 employees</option>
<option value="5001+">5,001+ employees</option>
</select>
</div>
</div>
<div class="form-row">
<div class="form-group">
<label for="industry">Industry</label>
<select id="industry">
<option value="">Select industry</option>
<option value="technology">Technology</option>
<option value="financial">Financial Services</option>
<option value="healthcare">Healthcare</option>
<option value="manufacturing">Manufacturing</option>
<option value="retail">Retail</option>
<option value="government">Government</option>
<option value="education">Education</option>
<option value="other">Other</option>
</select>
</div>
<div class="form-group">
<label for="regulatory">Regulatory Requirements</label>
<select id="regulatory">
<option value="">Select primary regulation</option>
<option value="none">None</option>
<option value="gdpr">GDPR</option>
<option value="sox">SOX</option>
<option value="hipaa">HIPAA</option>
<option value="pci">PCI DSS</option>
<option value="multiple">Multiple regulations</option>
</select>
</div>
</div>
<div class="form-group">
<label>Current Security Setup</label>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" id="hasSIEM">
<label for="hasSIEM">SIEM (Security Information and Event Management)</label>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" id="hasEDR">
<label for="hasEDR">EDR (Endpoint Detection and Response)</label>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" id="hasSOC">
<label for="hasSOC">SOC (Security Operations Center)</label>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" id="hasIR">
<label for="hasIR">Incident Response Team</label>
</div>
</div>
</div>
<button class="btn btn-primary" onclick="nextTab()">Continue to Security Tools</button>
</div>
<!-- Security Tools Tab -->
<div id="tools" class="tab-content">
<h2>Security Tools Selection</h2>
<p>Select the security tools currently deployed in your organization. This helps us provide more targeted
recommendations.</p>
<!-- SIEM Tools -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>SIEM (Security Information and Event Management)</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Central log aggregation, correlation, and compliance reporting with UEBA and SOAR capabilities.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Splunk">
<div>
<strong>Splunk</strong>
<div>Real-time monitoring with flexible query capabilities</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Exabeam Fusion">
<div>
<strong>Exabeam Fusion</strong>
<div>Behavior-based detection with native SOAR and compliance reporting</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="IBM QRadar">
<div>
<strong>IBM QRadar SIEM</strong>
<div>Modular architecture with multiple logging protocols</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Microsoft Sentinel">
<div>
<strong>Microsoft Sentinel</strong>
<div>Cloud-native, pay-as-you-go with Microsoft ecosystem integration</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Rapid7 InsightIDR">
<div>
<strong>Rapid7 InsightIDR</strong>
<div>Out-of-the-box detections with cloud-forward approach</div>
</div>
</div>
</div>
</div>
</div>
<!-- EDR Tools -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>EDR (Endpoint Detection and Response)</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Endpoint telemetry, detection, and response with process monitoring and rollback capabilities.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="CrowdStrike Falcon">
<div>
<strong>CrowdStrike Falcon</strong>
<div>Cloud-native scale with strong telemetry and intelligence integration</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="SentinelOne">
<div>
<strong>SentinelOne Singularity</strong>
<div>Autonomous mitigation and rollback with cross-platform support</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Microsoft Defender">
<div>
<strong>Microsoft Defender for Endpoint</strong>
<div>Deep Microsoft 365/Entra integration and platform telemetry</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Palo Alto Cortex XDR">
<div>
<strong>Palo Alto Cortex XDR</strong>
<div>Behavioral analytics with network/endpoint correlation</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Trellix">
<div>
<strong>Trellix Endpoint Security</strong>
<div>Multi-engine detection with adaptive response capabilities</div>
</div>
</div>
</div>
</div>
</div>
<!-- XDR Tools -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>XDR (Extended Detection and Response)</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Cross-domain detection and automated response across endpoint, identity, email, network, and
cloud.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Microsoft Defender XDR">
<div>
<strong>Microsoft Defender XDR</strong>
<div>Unified incidents across Microsoft 365 with automated investigation/playbooks</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Palo Alto Cortex XDR">
<div>
<strong>Palo Alto Cortex XDR</strong>
<div>Behavioral analytics with cross-domain storyboarding</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Trend Micro Vision One">
<div>
<strong>Trend Micro Vision One</strong>
<div>Correlated detections with guided response across domains</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Fortinet XDR">
<div>
<strong>Fortinet XDR</strong>
<div>Fabric-wide correlation with automated isolation capabilities</div>
</div>
</div>
</div>
</div>
</div>
<!-- Firewalls -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>NGFW & WAF (Next-Gen Firewalls & Web Application Firewalls)</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Perimeter protection with application awareness, identity mapping, and intrusion prevention.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Palo Alto NGFW">
<div>
<strong>Palo Alto Networks NGFW</strong>
<div>App-ID, Content-ID, WildFire integration with identity mapping</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Fortinet FortiGate">
<div>
<strong>Fortinet FortiGate</strong>
<div>Deep packet inspection with native SD-WAN capabilities</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Cisco Secure Firewall">
<div>
<strong>Cisco Secure Firewall</strong>
<div>Snort IPS, AMP, URL filtering with comprehensive integrations</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Check Point Quantum">
<div>
<strong>Check Point Quantum</strong>
<div>SandBlast sandboxing with SandBlast Zero-Day protection</div>
</div>
</div>
</div>
</div>
</div>
<!-- Identity & Access Management -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>IAM (Identity and Access Management)</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Single sign-on, multi-factor authentication, and privileged access management.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Okta">
<div>
<strong>Okta Workforce Identity</strong>
<div>SSO, MFA, lifecycle management with broad app catalog</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Microsoft Entra ID">
<div>
<strong>Microsoft Entra ID</strong>
<div>Cloud IAM with risk-based access and Microsoft integration</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Ping Identity">
<div>
<strong>Ping Identity</strong>
<div>SSO, MFA, federation with hybrid cloud integrations</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="CyberArk">
<div>
<strong>CyberArk Workforce Identity</strong>
<div>PAM, password vaulting, session monitoring capabilities</div>
</div>
</div>
</div>
</div>
</div>
<!-- Vulnerability Management -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>Vulnerability Management</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Asset discovery, scanning, risk-based prioritization, and remediation tracking.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Tenable">
<div>
<strong>Tenable (One/Nessus)</strong>
<div>Broad coverage with VM + WAS and strong risk-based prioritization</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Qualys VMDR">
<div>
<strong>Qualys VMDR</strong>
<div>VM + DAST with CI/CD hooks and asset discovery</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Rapid7 InsightVM">
<div>
<strong>Rapid7 InsightVM</strong>
<div>VM + DAST with Metasploit linkage and risk scoring</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="SecPod SanerNow">
<div>
<strong>SecPod SanerNow</strong>
<div>Continuous VM with curated checks and continuous scoring</div>
</div>
</div>
</div>
</div>
</div>
<!-- Email Security -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>Email Security</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Phishing, BEC, malware defense with attachment sandboxing and URL protection.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Proofpoint">
<div>
<strong>Proofpoint Email Protection</strong>
<div>ML-driven filters with multi-layer phishing/BEC protection</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Mimecast">
<div>
<strong>Mimecast Email Security</strong>
<div>URL defense with attachment sandboxing and impersonation detection</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Microsoft Defender for Office 365">
<div>
<strong>Microsoft Defender for Office 365</strong>
<div>Safe Attachments, Safe Links with native Microsoft stack integration</div>
</div>
</div>
</div>
</div>
</div>
<!-- Cloud Security -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>Cloud Security (CSPM/CWPP/CASB)</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Cloud security posture management, workload protection, and SaaS access governance.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="AWS Security Hub">
<div>
<strong>AWS Security Hub</strong>
<div>AWS-centric posture management with partner integrations</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Lacework">
<div>
<strong>Lacework</strong>
<div>Multi-cloud posture management with DevOps toolchain integration</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Prisma Cloud">
<div>
<strong>Prisma Cloud (CSPM)</strong>
<div>Continuous compliance with automated remediation workflows</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Orca Security">
<div>
<strong>Orca Security</strong>
<div>Agentless posture checks with cloud-native integrations</div>
</div>
</div>
</div>
</div>
</div>
<!-- Threat Intelligence -->
<div class="tool-category">
<div class="category-header" onclick="toggleCategory(this)">
<span>Threat Intelligence Platforms (TIP)</span>
<span>▼</span>
</div>
<div class="category-content">
<div class="tool-description">
Multi-source threat data aggregation with ATT&CK mapping and automated response.
</div>
<div class="checkbox-group">
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Recorded Future">
<div>
<strong>Recorded Future</strong>
<div>Technical and dark web intel with real-time scoring and ATT&CK mapping</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Mandiant">
<div>
<strong>Mandiant Threat Intelligence</strong>
<div>First-hand incident intel with actor tracking and attribution</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="Anomali">
<div>
<strong>Anomali ThreatStream</strong>
<div>Multi-source aggregation with ML scoring and automation</div>
</div>
</div>
<div class="checkbox-item" onclick="toggleCheckbox(this)">
<input type="checkbox" value="ThreatConnect">
<div>
<strong>ThreatConnect</strong>
<div>Collaborative intelligence operations with 450+ tool integrations</div>
</div>
</div>
</div>
</div>
</div>
<button class="btn btn-primary" onclick="nextTab()">Continue to Assessment</button>
</div>
<!-- Organizational Assessment Tab -->
<div id="assessment" class="tab-content">
<h2>Organizational Security Assessment</h2>
<p>Evaluate your organization's security maturity across 15 key organizational factors. This comprehensive
assessment will determine your L0-L4 threat detection level.</p>
<!-- IT Department Accessibility -->
<div class="form-group">
<label>IT Department Accessibility (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="itAccessibility" min="1" max="10" value="5"
oninput="updateSliderValue('itAccessibility', 'itAccessibilityValue')">
<div>Current score: <span class="score-value" id="itAccessibilityValue">5</span></div>
</div>
<div class="tool-description">
Measures availability, responsiveness, and reliability of IT services that underpin security
monitoring and incident handling.
</div>
</div>
<!-- Security Budget -->
<div class="form-group">
<label>Security Budget Allocation (% of IT budget)</label>
<input type="range" class="slider" id="securityBudget" min="1" max="30" value="10"
oninput="updateSliderValue('securityBudget', 'securityBudgetValue')">
<div>Current allocation: <span class="score-value" id="securityBudgetValue">10%</span></div>
<div class="tool-description">
Percentage of total IT budget allocated to cybersecurity including people, tooling, and program
costs.
</div>
</div>
<!-- Security Team Ratio -->
<div class="form-group">
<label>Security Team Size vs Company Size Ratio</label>
<div class="form-row">
<div>
<input type="number" id="securityStaffCount" placeholder="Number of security staff" min="1">
</div>
<div>
<input type="number" id="totalEmployeeCount" placeholder="Total employees" min="1">
</div>
</div>
<div>Security staff ratio: <span class="score-value" id="staffRatioValue">--</span> per 1,000 employees
</div>
<div class="tool-description">
Ratio of security FTEs to total headcount, adjusted for regulatory complexity and coverage
requirements.
</div>
</div>
<!-- Incident Response Maturity -->
<div class="form-group">
<label>Incident Response Maturity (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="irMaturity" min="1" max="10" value="5"
oninput="updateSliderValue('irMaturity', 'irMaturityValue')">
<div>Current maturity: <span class="score-value" id="irMaturityValue">5</span></div>
</div>
<div class="tool-description">
Captures planning, detection & analysis, response, communications, and recovery/learning dimensions.
</div>
</div>
<!-- Training Frequency -->
<div class="form-group">
<label>Employee Security Training Frequency</label>
<select id="trainingFrequency">
<option value="">Select training frequency</option>
<option value="1">Annual only</option>
<option value="3">Twice per year</option>
<option value="5">Quarterly</option>
<option value="8">Monthly microlearning</option>
<option value="10">Continuous/Adaptive</option>
</select>
<div class="tool-description">
Cadence and effectiveness of security awareness and role-based training for all staff.
</div>
</div>
<!-- Management Support -->
<div class="form-group">
<label>Management Support for Security Initiatives (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="managementSupport" min="1" max="10" value="5"
oninput="updateSliderValue('managementSupport', 'managementSupportValue')">
<div>Current support level: <span class="score-value" id="managementSupportValue">5</span></div>
</div>
<div class="tool-description">
Degree of active executive sponsorship, decision-making authority, and resourcing for security
priorities.
</div>
</div>
<!-- Compliance Complexity -->
<div class="form-group">
<label>Compliance Requirements Complexity (1-10 scale)</label>
<select id="complianceComplexity">
<option value="">Select complexity level</option>
<option value="2">No formal frameworks</option>
<option value="4">Minimal frameworks</option>
<option value="6">Limited frameworks with annual audits</option>
<option value="8">Several frameworks with overlapping controls</option>
<option value="10">Multi-framework, multi-jurisdiction with continuous monitoring</option>
</select>
<div class="tool-description">
Breadth and intensity of applicable regulatory and contractual security requirements.
</div>
</div>
<!-- Remote Work Security -->
<div class="form-group">
<label>Remote Work Security Posture (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="remoteSecurity" min="1" max="10" value="5"
oninput="updateSliderValue('remoteSecurity', 'remoteSecurityValue')">
<div>Current posture: <span class="score-value" id="remoteSecurityValue">5</span></div>
</div>
<div class="tool-description">
Maturity of controls for remote and hybrid work including identity, device, network, and data
safeguards.
</div>
</div>
<!-- TPRM -->
<div class="form-group">
<label>Third-Party Vendor Risk Management (TPRM) (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="tprm" min="1" max="10" value="5"
oninput="updateSliderValue('tprm', 'tprmValue')">
<div>Current TPRM maturity: <span class="score-value" id="tprmValue">5</span></div>
</div>
<div class="tool-description">
Governance and operational discipline for managing supplier cybersecurity risk across the lifecycle.
</div>
</div>
<!-- Security Awareness Culture -->
<div class="form-group">
<label>Security Awareness Culture Level (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="securityCulture" min="1" max="10" value="5"
oninput="updateSliderValue('securityCulture', 'securityCultureValue')">
<div>Current culture level: <span class="score-value" id="securityCultureValue">5</span></div>
</div>
<div class="tool-description">
Degree to which shared beliefs, routines, symbols, and power structures reinforce secure behavior.
</div>
</div>
<!-- Company Policy Approachability -->
<div class="form-group">
<label>Company Policy Approachability & Accessibility (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="policyApproachability" min="1" max="10" value="5"
oninput="updateSliderValue('policyApproachability', 'policyApproachabilityValue')">
<div>Current approachability: <span class="score-value" id="policyApproachabilityValue">5</span>
</div>
</div>
<div class="tool-description">
How easy is it for employees to access, understand, and follow company security policies and
procedures.
</div>
</div>
<!-- Communication Atmosphere -->
<div class="form-group">
<label>Communication Atmosphere & Transparency (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="communicationAtmosphere" min="1" max="10" value="5"
oninput="updateSliderValue('communicationAtmosphere', 'communicationAtmosphereValue')">
<div>Current atmosphere: <span class="score-value" id="communicationAtmosphereValue">5</span></div>
</div>
<div class="tool-description">
Level of open communication, transparency about security incidents, and psychological safety for
reporting issues.
</div>
</div>
<!-- Cross-Department Collaboration -->
<div class="form-group">
<label>Cross-Department Security Collaboration (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="crossDepartmentCollaboration" min="1" max="10" value="5"
oninput="updateSliderValue('crossDepartmentCollaboration', 'crossDepartmentCollaborationValue')">
<div>Current collaboration: <span class="score-value"
id="crossDepartmentCollaborationValue">5</span></div>
</div>
<div class="tool-description">
Effectiveness of security collaboration across IT, HR, Legal, Operations, and other business units.
</div>
</div>
<!-- Security Governance Structure -->
<div class="form-group">
<label>Security Governance Structure Maturity (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="securityGovernance" min="1" max="10" value="5"
oninput="updateSliderValue('securityGovernance', 'securityGovernanceValue')">
<div>Current governance maturity: <span class="score-value" id="securityGovernanceValue">5</span>
</div>
</div>
<div class="tool-description">
Clarity of security roles, responsibilities, decision-making authority, and governance processes.
</div>
</div>
<!-- Change Management Process -->
<div class="form-group">
<label>Security Change Management Process (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="changeManagement" min="1" max="10" value="5"
oninput="updateSliderValue('changeManagement', 'changeManagementValue')">
<div>Current change management: <span class="score-value" id="changeManagementValue">5</span></div>
</div>
<div class="tool-description">
Effectiveness of processes for implementing security changes, updates, and technology deployments.
</div>
</div>
<button class="btn btn-primary" onclick="nextTab()">Continue to AI Assessment</button>
</div>
<!-- AI Assessment Tab -->
<div id="ai-assessment" class="tab-content">
<h2>AI Security Assessment</h2>
<p>Evaluate your organization's AI adoption and capabilities across security domains. This assessment will
calculate your AI maturity level and provide targeted recommendations for AI implementation.</p>
<!-- AI Detection and Analysis Capabilities -->
<div class="form-group">
<h3>1. AI Detection and Analysis Capabilities</h3>
<label>AI-Powered Threat Detection (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiThreatDetection" min="1" max="10" value="5"
oninput="updateSliderValue('aiThreatDetection', 'aiThreatDetectionValue')">
<div>Current capability: <span class="score-value" id="aiThreatDetectionValue">5</span></div>
</div>
<div class="tool-description">
Rate your organization's AI threat detection capabilities from signature-based only (1-2) to
autonomous AI detection (9-10).
</div>
<label>AI Behavioral Analytics Sophistication (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiBehavioralAnalytics" min="1" max="10" value="5"
oninput="updateSliderValue('aiBehavioralAnalytics', 'aiBehavioralAnalyticsValue')">
<div>Current sophistication: <span class="score-value" id="aiBehavioralAnalyticsValue">5</span>
</div>
</div>
<div class="tool-description">
Evaluate AI behavioral analytics from basic profiling (3-4) to self-learning behavioral AI with
predictive capabilities (9-10).
</div>
<label>AI Anomaly Detection Effectiveness (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiAnomalyDetection" min="1" max="10" value="5"
oninput="updateSliderValue('aiAnomalyDetection', 'aiAnomalyDetectionValue')">
<div>Current effectiveness: <span class="score-value" id="aiAnomalyDetectionValue">5</span></div>
</div>
<div class="tool-description">
Rate AI anomaly detection from basic thresholds (3-4) to autonomous detection with adaptive
baselines (9-10).
</div>
<label>AI False Positive Reduction (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiFalsePositiveReduction" min="1" max="10" value="5"
oninput="updateSliderValue('aiFalsePositiveReduction', 'aiFalsePositiveReductionValue')">
<div>Current reduction capability: <span class="score-value"
id="aiFalsePositiveReductionValue">5</span></div>
</div>
<div class="tool-description">
Evaluate AI's ability to reduce false positives from manual tuning (3-4) to self-optimizing systems
(9-10).
</div>
</div>
<!-- AI Automation and Orchestration -->
<div class="form-group">
<h3>2. AI Automation and Orchestration</h3>
<label>AI-Driven Incident Response Automation (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiIncidentResponse" min="1" max="10" value="5"
oninput="updateSliderValue('aiIncidentResponse', 'aiIncidentResponseValue')">
<div>Current automation level: <span class="score-value" id="aiIncidentResponseValue">5</span></div>
</div>
<div class="tool-description">
Rate incident response automation from basic playbooks (3-4) to fully autonomous AI response (9-10).
</div>
<label>AI Security Orchestration Capabilities (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiOrchestration" min="1" max="10" value="5"
oninput="updateSliderValue('aiOrchestration', 'aiOrchestrationValue')">
<div>Current orchestration level: <span class="score-value" id="aiOrchestrationValue">5</span></div>
</div>
<div class="tool-description">
Evaluate AI orchestration from basic workflow automation (3-4) to autonomous AI-driven operations
(9-10).
</div>
<label>AI Threat Hunting Sophistication (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiThreatHunting" min="1" max="10" value="5"
oninput="updateSliderValue('aiThreatHunting', 'aiThreatHuntingValue')">
<div>Current sophistication: <span class="score-value" id="aiThreatHuntingValue">5</span></div>
</div>
<div class="tool-description">
Rate threat hunting capabilities from simple automated searches (3-4) to autonomous AI
investigations (9-10).
</div>
<label>AI Security Workflow Automation (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiWorkflowAutomation" min="1" max="10" value="5"
oninput="updateSliderValue('aiWorkflowAutomation', 'aiWorkflowAutomationValue')">
<div>Current automation level: <span class="score-value" id="aiWorkflowAutomationValue">5</span>
</div>
</div>
<div class="tool-description">
Evaluate security workflow automation from basic scripts (3-4) to intelligent autonomous workflows
(9-10).
</div>
</div>
<!-- AI Governance and Compliance -->
<div class="form-group">
<h3>3. AI Governance and Compliance</h3>
<label>AI Model Governance Framework (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiModelGovernance" min="1" max="10" value="5"
oninput="updateSliderValue('aiModelGovernance', 'aiModelGovernanceValue')">
<div>Current governance maturity: <span class="score-value" id="aiModelGovernanceValue">5</span>
</div>
</div>
<div class="tool-description">
Rate AI governance from basic policies (3-4) to comprehensive framework with continuous monitoring
(9-10).
</div>
<label>AI Explainability and Transparency (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiExplainability" min="1" max="10" value="5"
oninput="updateSliderValue('aiExplainability', 'aiExplainabilityValue')">
<div>Current transparency level: <span class="score-value" id="aiExplainabilityValue">5</span></div>
</div>
<div class="tool-description">
Evaluate AI explainability from black box (1-2) to full transparency with human-interpretable
outputs (9-10).
</div>
<label>AI Bias Detection and Mitigation (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiBiasMitigation" min="1" max="10" value="5"
oninput="updateSliderValue('aiBiasMitigation', 'aiBiasMitigationValue')">
<div>Current mitigation capability: <span class="score-value" id="aiBiasMitigationValue">5</span>
</div>
</div>
<div class="tool-description">
Rate bias handling from no testing (1-2) to continuous monitoring with automatic correction (9-10).
</div>
<label>AI Compliance Monitoring (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiComplianceMonitoring" min="1" max="10" value="5"
oninput="updateSliderValue('aiComplianceMonitoring', 'aiComplianceMonitoringValue')">
<div>Current monitoring level: <span class="score-value" id="aiComplianceMonitoringValue">5</span>
</div>
</div>
<div class="tool-description">
Evaluate AI compliance monitoring from manual checks (3-4) to automated continuous compliance
(9-10).
</div>
</div>
<!-- AI Integration and Data Management -->
<div class="form-group">
<h3>4. AI Integration and Data Management</h3>
<label>AI Data Pipeline Management (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiDataPipeline" min="1" max="10" value="5"
oninput="updateSliderValue('aiDataPipeline', 'aiDataPipelineValue')">
<div>Current management maturity: <span class="score-value" id="aiDataPipelineValue">5</span></div>
</div>
<div class="tool-description">
Rate data pipeline capabilities from ad-hoc collection (1-2) to autonomous self-optimizing pipelines
(9-10).
</div>
<label>AI Model Lifecycle Management (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiModelLifecycle" min="1" max="10" value="5"
oninput="updateSliderValue('aiModelLifecycle', 'aiModelLifecycleValue')">
<div>Current lifecycle maturity: <span class="score-value" id="aiModelLifecycleValue">5</span></div>
</div>
<div class="tool-description">
Evaluate model management from basic deployment (3-4) to autonomous self-updating models (9-10).
</div>
<label>Cross-Platform AI Integration (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiPlatformIntegration" min="1" max="10" value="5"
oninput="updateSliderValue('aiPlatformIntegration', 'aiPlatformIntegrationValue')">
<div>Current integration level: <span class="score-value" id="aiPlatformIntegrationValue">5</span>
</div>
</div>
<div class="tool-description">
Rate integration capabilities from siloed tools (1-2) to unified AI ecosystem (9-10).
</div>
<label>AI API and Data Flow Management (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiDataFlow" min="1" max="10" value="5"
oninput="updateSliderValue('aiDataFlow', 'aiDataFlowValue')">
<div>Current management capability: <span class="score-value" id="aiDataFlowValue">5</span></div>
</div>
<div class="tool-description">
Evaluate API and data flow management from manual configuration (3-4) to intelligent
auto-configuration (9-10).
</div>
</div>
<!-- AI Maturity Assessment -->
<div class="form-group">
<h3>5. AI Maturity Assessment</h3>
<label>AI Strategy and Planning Maturity (1-10 scale)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiStrategyPlanning" min="1" max="10" value="5"
oninput="updateSliderValue('aiStrategyPlanning', 'aiStrategyPlanningValue')">
<div>Current strategy maturity: <span class="score-value" id="aiStrategyPlanningValue">5</span>
</div>
</div>
<div class="tool-description">
Rate AI strategic planning from no strategy (1-2) to comprehensive AI roadmap with continuous
evolution (9-10).
</div>
<label>AI Security Budget Allocation (% of security budget)</label>
<div class="slider-container">
<input type="range" class="slider" id="aiBudgetAllocation" min="0" max="50" value="10"
oninput="updateSliderValue('aiBudgetAllocation', 'aiBudgetAllocationValue')">
<div>Current AI budget allocation: <span class="score-value" id="aiBudgetAllocationValue">10%</span>
</div>
</div>
<div class="tool-description">
Percentage of security budget allocated to AI technologies and initiatives.
</div>
<label>AI-Trained Security Professionals (Number per 1000 employees)</label>
<div class="form-row">
<div>
<input type="number" id="aiTrainedProfessionals" placeholder="Number of AI-trained staff"
min="0">
</div>
<div>
<input type="number" id="totalEmployeesAI" placeholder="Total employees" min="1">
</div>
</div>
<div>AI-trained staff ratio: <span class="score-value" id="aiStaffRatioValue">--</span> per 1,000
employees</div>
<div class="tool-description">
Number of security professionals with AI/ML training relative to organization size.
</div>
<label>AI Implementation Timeline</label>
<select id="aiImplementationTimeline">
<option value="">Select timeline</option>
<option value="1">No AI implementation planned</option>
<option value="3">Exploring AI options (12+ months)</option>
<option value="5">Planning AI implementation (6-12 months)</option>
<option value="7">Currently implementing AI (3-6 months)</option>
<option value="9">Early AI deployment (0-3 months)</option>
<option value="10">Mature AI program (18+ months)</option>
</select>
<div class="tool-description">
Current AI implementation status and timeline for security AI adoption.
</div>