author | lemonheadhammer <hammerheadlemon@users.noreply.github.com> | 2020-05-14 10:18:53 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-14 10:18:53 +0100 |
commit | 2ff06d9af87d8c68aecef17ac7097ec643fffede (patch) | |
tree | b780c4d4689b1f04d8ebfcf9dc02df198bcaf88a /README.rst | |
parent | 0762bb2b0bc1557e44b19fac63d3462997a0c8f4 (diff) |
Update README.rst
Diffstat (limited to 'README.rst')
-rw-r--r-- | README.rst | 26 |
1 files changed, 22 insertions, 4 deletions
@@ -1,8 +1,26 @@ -ctrack -====== +Background +========== -CCT tracker +Following the introduction of the `Network and Information Security Directive <https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive>`_, there is a need for Government competent authorities to gather and analyse data about cyber security regimes at Operators of Essential Services (OES) across all relevant sectors. This is currently being achieved in the UK with the aid of `NCSC's Cyber Assessment Framework (CAF) <https://www.ncsc.gov.uk/blog-post/the-cyber-assessment-framework-3-0>`_. -Tracking CAFs. + "The Cyber Assessment Framework (CAF) provides a systematic and comprehensive approach to assessing the extent to which cyber risks to essential functions are being managed by the organisation responsible. It is intended to be used either by the responsible organisation itself (self-assessment) or by an independent external entity, possibly a regulator or a suitably qualified organisation acting on behalf of a regulator." + -- `Cyber Assessment Framework Guidance <https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework>`_ + +The CAF tool itself currently comprises a multi-sheet Excel document, used to capture assessment scoring and justification text for each contributing outcome in the Directive and to provide a basic dashboard based on cell values. +Automating data collection and analysis +--------------------------------------- +The problem faced by agencies collecting and analsysing this data, who is typically required to handle dozens of these files, is how to store the data and what tooling be developed to support ongoing capture and analysis that makes up a long term compliance regime. + +Excel is often the go-to tool in corporate environments thanks to its ubiquitousness and flexibility. 
It is easy to create "forms" in Excel for collecting data that can be sent back an forth by email (or more secure means) - however it is not a good tool for long term data storage and/or analysis. A proper database is more appropriate. + +What is ctrack? +--------------- + +Recognising this need, **ctrack** is a proof-of-concept web application developed in-house by the Cyber Compliance Team at the UK Department for Transport that aims to demonstrate the improvements in workflow possible by storing data associated with OES and its associated CAF data in a relational database. It focuses on the absolute basics of managing any business data: *Create*, *Read*, *Update*, *Delete* functionality (CRUD) and demonstrates how collection and analysis of ongoing assessment data - using the CAF as the foundation (the framework, not the spreadsheet) - can be exponentially improved using the simplest of form-based web application. + +Sensitivity of data +-------------------- + +This application is only a proof-of-concept and does not address the issue of deployment to a secure platform which will be required in future when handling real data. |
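Review bot: The new "Sensitivity of data" section only says that secure deployment is not addressed, so it leaves open whether real OES or CAF assessment data may be loaded into the proof-of-concept at all. Since the README describes storing assessment scoring and justification text in a relational database, it would help to state plainly that only test data should be used until the deployment question is resolved. The "Automating data collection and analysis" paragraph also needs a proofread: "analsysing" should be "analysing", "agencies ... who is typically required" should be "who are", and "what tooling be developed" is missing "should". In the Excel paragraph, "sent back an forth" should be "back and forth", and "(or more secure means)" could name the expected channel, since the text itself implies that email is not adequate for this data. "Exponentially improved" in the "What is ctrack?" paragraph is a strong claim for a proof-of-concept; "substantially improved" would be easier to stand behind.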