Merge branch '35-dodati-u-faq' into 'master'

Added more FAQ questions

Closes #35

See merge request kbr4/riskletpy!40
This commit was merged in pull request #89.
2025-07-14 11:22:26 +00:00


@@ -634,6 +634,79 @@
Support options vary by plan, ranging from email support for basic plans to priority phone and email support for our Pro users. We are committed to helping you succeed.
</div>
</div>
<!-- FAQ 4 -->
<div class="accordion-item bg-white rounded-lg shadow-md overflow-hidden">
<button type="button" class="accordion-trigger flex justify-between items-center w-full p-4 sm:p-6 text-left text-lg font-medium text-dark-text hover:bg-gray-50 focus:outline-none focus-visible:ring focus-visible:ring-accent focus-visible:ring-opacity-75" aria-expanded="false" aria-controls="faq-answer-4">
<span>How do you protect our data?</span>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="accordion-chevron w-5 h-5 text-gray-400 transform transition-transform duration-200"><path stroke-linecap="round" stroke-linejoin="round" d="m19.5 8.25-7.5 7.5-7.5-7.5" /></svg>
</button>
<div id="faq-answer-4" class="accordion-content px-4 sm:px-6 border-t border-gray-200 text-gray-600 text-sm" role="region">
Protecting your data is the foundation of our service. We use a multi-layered, "security-in-depth" strategy to safeguard your information at every level.<br><br>
<strong>End-to-End Encryption</strong><br>
Your data is fully encrypted at all times. We use strong TLS 1.2+ protocol for data in transit and industry-standard AES-256 encryption for data at rest. These are the same robust standards trusted by financial institutions and governments worldwide.<br><br>
<strong>Secure and Compliant Infrastructure</strong><br>
Our platform is built on industry-leading cloud providers (like AWS/GCP). All customer data is hosted in the EU, ensuring it benefits from world-class physical security and meets rigorous compliance standards, including ISO 27001.<br><br>
<strong>Application & Access Security</strong><br>
We design our application to be secure from the ground up. Our development follows secure coding practices to prevent vulnerabilities. We enforce strict Role-Based Access Controls, and our application undergoes regular penetration testing by independent, third-party security experts.<br><br>
<strong>Proactive Monitoring & Response</strong><br>
We operate with a "never trust, always verify" mindset. Our systems are monitored 24/7 for suspicious activity, and our team is prepared with a robust incident response plan to act swiftly on any potential threat.<br><br>
For our Pay-Per-Report offering, weve engineered a revolutionary process that delivers a comprehensive risk analysis without requiring any of your sensitive, internal data.<br>
<strong>Heres how our privacy-first model works:</strong><br>
<strong>Questionnaire:</strong> You provide general characteristics about your company (e.g., industry, size, geography) through a simple questionnaire.<br>
<strong>Digital Twin Creation:</strong> We use this information to build a "digital twin"—a conceptual model of your company's operational profile.<br>
<strong>Threat Analysis:</strong> We then cross-reference this digital twin against our proprietary threat database to identify and evaluate the key threats and risks relevant to your unique characteristics.<br>
The result is a highly accurate, tailored risk register created for you, without you ever having to upload a single sensitive document or confidential detail.
</div>
</div>
<!-- FAQ 5 -->
<div class="accordion-item bg-white rounded-lg shadow-md overflow-hidden">
<button type="button" class="accordion-trigger flex justify-between items-center w-full p-4 sm:p-6 text-left text-lg font-medium text-dark-text hover:bg-gray-50 focus:outline-none focus-visible:ring focus-visible:ring-accent focus-visible:ring-opacity-75" aria-expanded="false" aria-controls="faq-answer-5">
<span>Does Risklet confirm if our organization has a specific control and how effective it is?</span>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="accordion-chevron w-5 h-5 text-gray-400 transform transition-transform duration-200"><path stroke-linecap="round" stroke-linejoin="round" d="m19.5 8.25-7.5 7.5-7.5-7.5" /></svg>
</button>
<div id="faq-answer-5" class="accordion-content px-4 sm:px-6 border-t border-gray-200 text-gray-600 text-sm" role="region">
No. Risklet does not perform an external audit or confirmation of your controls. It is a self-assessment tool designed to empower your organization.<br><br>
Risklet enables you to conduct your own validation of controls. In the subscription version, you can then track the changes in your residual risk after this validation is completed, providing a clear view of your risk management progress.
</div>
</div>
<!-- FAQ 6 -->
<div class="accordion-item bg-white rounded-lg shadow-md overflow-hidden">
<button type="button" class="accordion-trigger flex justify-between items-center w-full p-4 sm:p-6 text-left text-lg font-medium text-dark-text hover:bg-gray-50 focus:outline-none focus-visible:ring focus-visible:ring-accent focus-visible:ring-opacity-75" aria-expanded="false" aria-controls="faq-answer-6">
<span>What is the role of our management in the risk analysis process, and what are our responsibilities after generating a report?</span>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="accordion-chevron w-5 h-5 text-gray-400 transform transition-transform duration-200"><path stroke-linecap="round" stroke-linejoin="round" d="m19.5 8.25-7.5 7.5-7.5-7.5" /></svg>
</button>
<div id="faq-answer-6" class="accordion-content px-4 sm:px-6 border-t border-gray-200 text-gray-600 text-sm" role="region">
Management's role is critical, and the organization has several key responsibilities to turn the Risklet analysis into an effective cybersecurity program.<br><br>
<strong>Management Approval is Essential</strong><br>
Management body approval and involvement are non-negotiable. There must be formal, documented proof that management has reviewed the analysis and approved the resulting action plans.<br>
<strong>Formal Review and Approval:</strong> All policies and the risk register (including your organization's risk appetite and the acceptance of residual risk) must be formally reviewed and approved by the designated management body.<br>
<strong>Document Decisions:</strong> These approvals and decisions must be documented, for example, in official meeting minutes.<br>
<strong>Approve Action Plans:</strong> Management must formally approve the implementation of any "Plan of Actions and Milestones" (POAM) that results from the risk analysis.<br><br>
<strong>Your Organization's Responsibilities</strong><br>
The Risklet report should be used as a catalyst to build and mature your cybersecurity program.<br>
<strong>Define Your Risk Appetite:</strong> Risklet may present a standard consultancy scale for risk, but your organization must formally define, approve, and document its own specific risk appetite and tolerance levels.<br>
<strong>Establish Governance:</strong> Use the report's findings to justify the resources needed to establish foundational governance. This includes creating and getting management approval for overarching policies (e.g., Policy on Security of Network and Information Systems) and a formal Risk Management Policy.<br>
<strong>Develop and Document:</strong> Systematically create, document, and implement any missing topic-specific policies (e.g., Incident Handling, Business Continuity, Access Control). For each policy, document the supporting procedures and establish a schedule for testing them (e.g., BCDR tests, incident response drills).
</div>
</div>
<!-- FAQ 7 -->
<div class="accordion-item bg-white rounded-lg shadow-md overflow-hidden">
<button type="button" class="accordion-trigger flex justify-between items-center w-full p-4 sm:p-6 text-left text-lg font-medium text-dark-text hover:bg-gray-50 focus:outline-none focus-visible:ring focus-visible:ring-accent focus-visible:ring-opacity-75" aria-expanded="false" aria-controls="faq-answer-7">
<span>Does the Risklet report cover all possible risks in my organization?</span>
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="accordion-chevron w-5 h-5 text-gray-400 transform transition-transform duration-200"><path stroke-linecap="round" stroke-linejoin="round" d="m19.5 8.25-7.5 7.5-7.5-7.5" /></svg>
</button>
<div id="faq-answer-7" class="accordion-content px-4 sm:px-6 border-t border-gray-200 text-gray-600 text-sm" role="region">
<strong>Expand Scope with a Multi-Tiered Approach</strong><br>
The Risklet report provides an essential enterprise-level risk assessment. This aligns with Tier 1 (Organization Level) in the NIST risk management framework, focusing on high-level, strategic risk.<br><br>
To achieve a more mature and comprehensive security posture, it is highly advised to expand this analysis to the other two tiers:<br>
<strong>Tier 2 (Mission/Business Process Level):</strong> Assess risks in the context of your specific core business operations and processes.<br>
<strong>Tier 3 (Information System Level):</strong> Conduct detailed technical risk assessments on the individual systems, applications, and networks that support those operations.<br><br>
While performing assessments at all three tiers is a best practice, it's important to note that a deep-dive analysis at Tiers 2 and 3 is advised for robust security but not explicitly mandated by the NIS2 Directive. Your primary responsibility is to ensure that risks to all essential and important services are identified and managed effectively, using the Tier 1 analysis as your foundation.
</div>
</div>
</div>
</div>
</section>
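Review bot: the "End-to-End Encryption" subheading in the FAQ 4 answer (`faq-answer-4`) is not what the next sentence describes; TLS in transit plus AES-256 at rest is server-side encryption, and the provider still holds the keys, which is not end-to-end encryption in the accepted sense. Suggest retitling that block "Encryption in Transit and at Rest" and, in the same answer, replacing the non-standard phrase `"security-in-depth"` with `"defense-in-depth"` and moving "never trust, always verify" (a zero-trust access principle) out of the "Proactive Monitoring & Response" paragraph, where it does not fit. Two typos in the Pay-Per-Report part of the same answer: `weve engineered` should be `we've engineered` and `Heres how our privacy-first model works:` should be `Here's how our privacy-first model works:` (use `&rsquo;` or a plain apostrophe). Also worth a second look: the ISO 27001 sentence reads as if hosting in the EU is what provides the certification; say plainly who holds the certificate (the cloud provider, the platform, or both). Style: the three-step list (Questionnaire / Digital Twin Creation / Threat Analysis) and the bolded bullet runs in `faq-answer-6` are `<strong>` labels separated by `<br>`; a `<ul>` or `<ol>` would render and read better and is consistent with the `role="region"` accessibility markup already used on the accordion panels.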