old-riskletpy/backend/core/templates/signup.html


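{% load static %}
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Risk Assessment Questions</title>

  {# Stylesheets shipped with the project and resolved through Django's static tag. #}
  <link rel="stylesheet" href="{% static 'css/bootstrap.css' %}">
  <link rel="stylesheet" href="{% static 'css/Jost.css' %}">
  <link rel="stylesheet" href="{% static 'css/main.css' %}">
  <link rel="stylesheet" href="{% static 'css/index.css' %}">
  <link rel="stylesheet" href="{% static 'css/getstarted.css' %}">

  {% comment %}
    Third-party stylesheets. CSS loaded from another origin can restyle, hide or
    overlay the signup form, so each one is a supply-chain dependency of this page.
    - Google Fonts: the css2 response is generated per request, so a fixed
      integrity digest cannot be pinned to it. Self-hosting the font, as is
      already done for Jost.css, removes the external dependency.
    - Font Awesome on cdnjs: a versioned, static file, so it can carry an
      integrity attribute. crossorigin is set here so that one can be added;
      take the digest cdnjs publishes for this exact URL
      (integrity="sha512-DIGEST_FOR_THIS_FILE" is a placeholder, not a real value).
    referrerpolicy keeps the signup page URL out of the requests to both hosts.
  {% endcomment %}
  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Darker+Grotesque:wght@300..900&amp;display=swap" referrerpolicy="no-referrer">
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" crossorigin="anonymous" referrerpolicy="no-referrer">
</head>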
<body>
<header>
  {# Site wordmark; the link points at the site root. #}
  <div class="gs-logo">
    <a href="/" class="gs-logo">risklet</a>
  </div>

  {% comment %}
    Two Bootstrap progress bars, both rendered at 0% width. The second wrapper
    starts hidden through the d-none class. Nothing in this markup changes either
    width, so updates presumably come from script elsewhere in the file.
    NOTE(review): the inline style attributes below only work under a
    Content-Security-Policy that permits inline style attributes; moving the
    initial width into a stylesheet class would let a stricter policy apply.
  {% endcomment %}
  <div id="basic-progress-bar-wrap" class="progress mb-3">
    <div class="progress-bar" id="basic-progress-bar" role="progressbar" style="width: 0%"></div>
  </div>
  <div id="advanced-progress-bar-wrap" class="progress mb-3 d-none">
    <div class="progress-bar bg-success" id="advanced-progress-bar" role="progressbar" style="width: 0%"></div>
  </div>
</header>
<div class="container">
<div class="row">
<div class="col">
{# Empty caption placeholders for the two progress bars; the advanced one starts hidden via d-none. #}
{# NOTE(review): presumably filled by script not shown here; writing through textContent rather than innerHTML keeps any dynamic value from being parsed as markup. #}
<div id="basic-progress" class="mb-3 text-center fw-bold"></div>
<div id="advanced-progress" class="mb-3 text-center fw-bold d-none"></div>
<hr>
<form method="post">
{# Error summary, rendered only when the submitted form came back with validation errors. #}
{# field.label and error are escaped by Django's template autoescaping unless it is switched off; do not pipe them through the safe filter. #}
{% if form.errors %}
  <div class="alert alert-danger">
    <ul class="mb-0">
      {# Per-field messages first, each prefixed with the field's label. #}
      {% for field in form %}
        {% for error in field.errors %}
          <li><strong>{{ field.label }}:</strong> {{ error }}</li>
        {% endfor %}
      {% endfor %}
      {# Then the messages that belong to the form as a whole. #}
      {% for error in form.non_field_errors %}
        <li>{{ error }}</li>
      {% endfor %}
    </ul>
  </div>
{% endif %}
{# Anti-CSRF token for this POST form; it is checked on submit when Django's CSRF protection is enabled for the view. #}
{% csrf_token %}
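<!-- Organization Name & Email -->
<div class="mb-3 question basic-section" id="q0">
  <label class="form-label mt-3" id="q0-label">Organization Name and Your Email:</label>
  <hr>
  {# The heading label is not tied to either input and a placeholder is not an accessible name, so each input carries its own aria-label. #}
  {# autocomplete tokens let the browser offer the right stored values for each field. #}
  {# NOTE(review): type="email" and required are browser-side checks only; any client can post arbitrary values, so the Django form has to validate name and email itself. #}
  <div class="pb-3" role="group" aria-labelledby="q0-label">
    <input class="form-control mb-3" id="name" name="name" type="text" placeholder="Organization Name" autocomplete="organization" aria-label="Organization Name" required>
    <input class="form-control" id="email" name="email" type="email" placeholder="Your Email" autocomplete="email" aria-label="Your Email" required>
  </div>
  <small class="form-text text-muted py-3">
    Enter the organization name and your email address. Both fields are required to continue.
  </small>
  {# Starts empty; presumably receives a validation message from script elsewhere in the file. #}
  <div id="org-email-error" class="text-danger py-2"></div>
</div>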
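<!-- Employee Headcount -->
<div class="mb-3 question basic-section" id="q1">
  <label class="form-label mt-3" id="q1-label">Employee Headcount:</label>
  <small class="form-text text-muted">
    Select one range - Scale factor for internal user base &amp; potential insider risk
  </small>
  <hr>
  {# The radios share one name and so form a native group; role and aria-labelledby give that group a spoken name. Icons are decorative and hidden from assistive technology. #}
  {# NOTE(review): required and the fixed value list are enforced by the browser only; the Django form should reject any employee_headcount outside these six values. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q1-label">
    <div class="form-check">
      <input class="form-check-input" id="employees-1-50" name="employee_headcount" type="radio" value="1-50" required>
      <label class="form-check-label" for="employees-1-50"><i class="fa-solid fa-user" aria-hidden="true"></i> 1 - 50</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="employees-51-250" name="employee_headcount" type="radio" value="51-250">
      <label class="form-check-label" for="employees-51-250"><i class="fa-solid fa-users" aria-hidden="true"></i> 51 - 250</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="employees-251-1000" name="employee_headcount" type="radio" value="251-1000">
      <label class="form-check-label" for="employees-251-1000"><i class="fa-solid fa-building" aria-hidden="true"></i> 251 - 1,000</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="employees-1001-5000" name="employee_headcount" type="radio" value="1001-5000">
      <label class="form-check-label" for="employees-1001-5000"><i class="fa-solid fa-city" aria-hidden="true"></i> 1,001 - 5,000</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="employees-5001-10000" name="employee_headcount" type="radio" value="5001-10000">
      <label class="form-check-label" for="employees-5001-10000"><i class="fa-solid fa-industry" aria-hidden="true"></i> 5,001 - 10,000</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="employees-10000plus" name="employee_headcount" type="radio" value="10000+">
      <label class="form-check-label" for="employees-10000plus"><i class="fa-solid fa-landmark" aria-hidden="true"></i> 10,000+</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Helps determine the scale of IT infrastructure and security needs based on user volume.</small>
</div>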
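<!-- Annual Revenue -->
<div class="mb-3 question basic-section" id="q2">
  <label class="form-label mt-3" id="q2-label">
    Annual Revenue Range:
    <br>
    <small class="form-text text-muted">
      Select one range - Indicates scale, potential financial impact, and attractiveness
    </small>
  </label>
  <hr>
  {# The option container is named by the heading above it; the icons carry no information of their own and are hidden from assistive technology. #}
  {# NOTE(review): annual_revenue arrives as a plain string; the server should accept only the six values listed here. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q2-label">
    <div class="form-check">
      <input class="form-check-input" id="revenue-under-10m" name="annual_revenue" type="radio" value="under-10m" required>
      <label class="form-check-label" for="revenue-under-10m"><i class="fa-solid fa-coins" aria-hidden="true"></i> &lt; $10 Million</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="revenue-10m-250m" name="annual_revenue" type="radio" value="10m-250m">
      <label class="form-check-label" for="revenue-10m-250m"><i class="fa-solid fa-sack-dollar" aria-hidden="true"></i> $10M - $250 Million</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="revenue-250m-1b" name="annual_revenue" type="radio" value="250m-1b">
      <label class="form-check-label" for="revenue-250m-1b"><i class="fa-solid fa-money-bill-wave" aria-hidden="true"></i> $250M - $1 Billion</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="revenue-1b-5b" name="annual_revenue" type="radio" value="1b-5b">
      <label class="form-check-label" for="revenue-1b-5b"><i class="fa-solid fa-vault" aria-hidden="true"></i> $1B - $5 Billion</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="revenue-above-5b" name="annual_revenue" type="radio" value="above-5b">
      <label class="form-check-label" for="revenue-above-5b"><i class="fa-solid fa-gem" aria-hidden="true"></i> &gt; $5 Billion</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="revenue-non-profit" name="annual_revenue" type="radio" value="non-profit">
      <label class="form-check-label" for="revenue-non-profit"><i class="fa-solid fa-hand-holding-heart" aria-hidden="true"></i> Not Applicable / Non-Profit</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Indicates available resources for cybersecurity investments and helps assess risk appetite.</small>
</div>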
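<!-- Critical Business Applications -->
<div class="mb-3 question basic-section" id="q3">
  <label class="form-label mt-3" id="q3-label">How many critical business applications do your employees use daily?</label>
  <hr>
  {# Group is named by the question text; icons are decorative. #}
  {# NOTE(review): the ranges 1-5 and 5-20 both contain 5, so an organization with exactly five applications has two valid answers; confirm which bucket scoring expects. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q3-label">
    <div class="form-check">
      <input class="form-check-input" id="apps-1-5" name="critical_applications" type="radio" value="1-5" required>
      <label class="form-check-label" for="apps-1-5"><i class="fa-solid fa-laptop" aria-hidden="true"></i> 1-5</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="apps-5-20" name="critical_applications" type="radio" value="5-20">
      <label class="form-check-label" for="apps-5-20"><i class="fa-solid fa-network-wired" aria-hidden="true"></i> 5-20</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="apps-more-than-20" name="critical_applications" type="radio" value="more-than-20">
      <label class="form-check-label" for="apps-more-than-20"><i class="fa-solid fa-server" aria-hidden="true"></i> More than 20</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="apps-unknown" name="critical_applications" type="radio" value="unknown">
      <label class="form-check-label" for="apps-unknown"><i class="fa-solid fa-question-circle" aria-hidden="true"></i> I don't know</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Reveals the complexity of your technology landscape and potential attack surface.</small>
</div>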
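<!-- Regulatory Frameworks -->
<div class="mb-3 question basic-section" id="q4">
  <label class="form-label mt-3" id="q4-label">
    Applicable Regulatory / Compliance Frameworks:
    <br>
    <small class="form-text text-muted">
      Select all applicable - Indicates compliance burden &amp; potential fines/penalties
    </small>
  </label>
  <hr>
  {# Checkbox group named by the heading; icons are decorative. Every box posts under the same name, so the server receives a list of values. #}
  {# NOTE(review): nothing in this markup stops "none" from being ticked together with a framework; the server should decide how that combination is treated. #}
  <div class="pb-3 option-grid" role="group" aria-labelledby="q4-label">
    <div class="form-check">
      <input class="form-check-input" id="compliance-gdpr" name="compliance_frameworks" type="checkbox" value="gdpr">
      <label class="form-check-label" for="compliance-gdpr"><i class="fa-solid fa-globe-europe" aria-hidden="true"></i> GDPR</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-ccpa" name="compliance_frameworks" type="checkbox" value="ccpa">
      <label class="form-check-label" for="compliance-ccpa"><i class="fa-solid fa-flag-usa" aria-hidden="true"></i> CCPA / CPRA</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-cra" name="compliance_frameworks" type="checkbox" value="cra">
      <label class="form-check-label" for="compliance-cra"><i class="fa-solid fa-shield-halved" aria-hidden="true"></i> CRA (Cyber Resilience Act)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-nis2" name="compliance_frameworks" type="checkbox" value="nis2">
      <label class="form-check-label" for="compliance-nis2"><i class="fa-solid fa-plug-circle-bolt" aria-hidden="true"></i> NIS2</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-hipaa" name="compliance_frameworks" type="checkbox" value="hipaa">
      <label class="form-check-label" for="compliance-hipaa"><i class="fa-solid fa-notes-medical" aria-hidden="true"></i> HIPAA</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-pci-dss" name="compliance_frameworks" type="checkbox" value="pci-dss">
      <label class="form-check-label" for="compliance-pci-dss"><i class="fa-solid fa-credit-card" aria-hidden="true"></i> PCI-DSS</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-sox" name="compliance_frameworks" type="checkbox" value="sox">
      <label class="form-check-label" for="compliance-sox"><i class="fa-solid fa-chart-line" aria-hidden="true"></i> SOX</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-cmmc" name="compliance_frameworks" type="checkbox" value="cmmc">
      <label class="form-check-label" for="compliance-cmmc"><i class="fa-solid fa-medal" aria-hidden="true"></i> CMMC</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-energy" name="compliance_frameworks" type="checkbox" value="energy">
      <label class="form-check-label" for="compliance-energy"><i class="fa-solid fa-bolt" aria-hidden="true"></i> Specific Energy Regulations (e.g., NERC CIP)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-financial" name="compliance_frameworks" type="checkbox" value="financial">
      <label class="form-check-label" for="compliance-financial"><i class="fa-solid fa-building-columns" aria-hidden="true"></i> Specific Financial Regulations (DORA)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="compliance-none" name="compliance_frameworks" type="checkbox" value="none">
      <label class="form-check-label" for="compliance-none"><i class="fa-solid fa-circle-xmark" aria-hidden="true"></i> None / Primarily Best Practices Driven</label>
    </div>
    <div class="form-check other-gap">
      <div class="other-row">
        <input class="form-check-input" id="compliance-other" name="compliance_frameworks" type="checkbox" value="other">
        <label class="form-check-label ms-2" for="compliance-other"><i class="fa-solid fa-ellipsis" aria-hidden="true"></i> Other Industry-Specific Regulations:</label>
      </div>
      {# Free-text field: the placeholder is not a label, so an aria-label names it. #}
      {# NOTE(review): this is the one unconstrained value in the question; bound its length on the server and keep it escaped wherever it is later displayed or exported. #}
      <input class="form-control mt-2" id="compliance-frameworks-other-text" name="compliance_frameworks_other" type="text" placeholder="Please specify" aria-label="Other industry-specific regulations">
    </div>
  </div>
  <small class="form-text text-muted py-3">Identifies mandatory security controls and compliance requirements that must be implemented.</small>
</div>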
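<!-- Industry Sector -->
<div class="mb-3 question basic-section" id="q5">
  <label class="form-label mt-3" id="q5-label">
    Primary Industry Sector:
    <br>
    <small class="form-text text-muted">
      Select one - Indicates typical threat actors &amp; regulatory environment
    </small>
  </label>
  <hr>
  {# Single-choice group named by the heading; icons are decorative. #}
  {# NOTE(review): industry_sector should be checked on the server against this list, and industry_sector_other should only be honoured when the posted choice is "other". #}
  <div class="pb-3 option-grid" role="radiogroup" aria-labelledby="q5-label">
    <div class="form-check">
      <input class="form-check-input" id="industry-financial" name="industry_sector" type="radio" value="financial" required>
      <label class="form-check-label" for="industry-financial"><i class="fa-solid fa-building-columns" aria-hidden="true"></i> Financial Services / Insurance</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-healthcare" name="industry_sector" type="radio" value="healthcare">
      <label class="form-check-label" for="industry-healthcare"><i class="fa-solid fa-notes-medical" aria-hidden="true"></i> Healthcare / Pharmaceuticals</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-technology" name="industry_sector" type="radio" value="technology">
      <label class="form-check-label" for="industry-technology"><i class="fa-solid fa-microchip" aria-hidden="true"></i> Technology / Software / Telecommunications</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-retail" name="industry_sector" type="radio" value="retail">
      <label class="form-check-label" for="industry-retail"><i class="fa-solid fa-cart-shopping" aria-hidden="true"></i> Retail / E-commerce</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-manufacturing" name="industry_sector" type="radio" value="manufacturing">
      <label class="form-check-label" for="industry-manufacturing"><i class="fa-solid fa-industry" aria-hidden="true"></i> Manufacturing / Industrial</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-government" name="industry_sector" type="radio" value="government">
      <label class="form-check-label" for="industry-government"><i class="fa-solid fa-landmark" aria-hidden="true"></i> Government / Public Sector</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-energy" name="industry_sector" type="radio" value="energy">
      <label class="form-check-label" for="industry-energy"><i class="fa-solid fa-bolt" aria-hidden="true"></i> Energy / Utilities</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-education" name="industry_sector" type="radio" value="education">
      <label class="form-check-label" for="industry-education"><i class="fa-solid fa-graduation-cap" aria-hidden="true"></i> Education</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-professional" name="industry_sector" type="radio" value="professional">
      <label class="form-check-label" for="industry-professional"><i class="fa-solid fa-briefcase" aria-hidden="true"></i> Professional Services (Consulting, Legal, Accounting)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-media" name="industry_sector" type="radio" value="media">
      <label class="form-check-label" for="industry-media"><i class="fa-solid fa-photo-film" aria-hidden="true"></i> Media / Entertainment</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-transportation" name="industry_sector" type="radio" value="transportation">
      <label class="form-check-label" for="industry-transportation"><i class="fa-solid fa-truck-plane" aria-hidden="true"></i> Transportation / Logistics</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="industry-hospitality" name="industry_sector" type="radio" value="hospitality">
      <label class="form-check-label" for="industry-hospitality"><i class="fa-solid fa-hotel" aria-hidden="true"></i> Hospitality / Travel</label>
    </div>
    <div class="form-check other-gap">
      <div class="other-row">
        <input class="form-check-input" id="industry-other" name="industry_sector" type="radio" value="other">
        <label class="form-check-label ms-2" for="industry-other"><i class="fa-solid fa-ellipsis" aria-hidden="true"></i> Other:</label>
      </div>
      {# Free-text companion to the "other" radio; named with aria-label because a placeholder alone is not an accessible name. Treat its value as untrusted text. #}
      <input class="form-control mt-2" id="industry-sector-other-text" name="industry_sector_other" type="text" placeholder="Please specify" aria-label="Other industry sector">
    </div>
  </div>
  <small class="form-text text-muted py-3">
    Determines industry-specific threats, regulations, and security best practices applicable to your business.
  </small>
</div>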
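<!-- IT Dependency -->
<div class="mb-3 question basic-section" id="q6">
  <label class="form-label mt-3" id="q6-label">
    Business Operations Dependence on Technology:
    <br>
    <small class="form-text text-muted">
      Select the statement describing impact of 24-hour core IT outage - Direct measure of operational risk
    </small>
  </label>
  <hr>
  {# Single-choice group named by the heading; icons are decorative and hidden from assistive technology. #}
  {# NOTE(review): it_dependency presumably feeds the risk result, so the server should accept only the four values below rather than whatever string is posted. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q6-label">
    <div class="form-check">
      <input class="form-check-input" id="it-minimal" name="it_dependency" type="radio" value="minimal" required>
      <label class="form-check-label" for="it-minimal"><i class="fa-solid fa-person-walking" aria-hidden="true"></i> Minimal Disruption: Operations largely continue manually.</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="it-significant" name="it_dependency" type="radio" value="significant">
      <label class="form-check-label" for="it-significant"><i class="fa-solid fa-triangle-exclamation" aria-hidden="true"></i> Significant Operational Impact: Core processes severely hindered.</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="it-major" name="it_dependency" type="radio" value="major">
      <label class="form-check-label" for="it-major"><i class="fa-solid fa-sack-xmark" aria-hidden="true"></i> Major Revenue Loss / Service Delivery Failure: Critical functions cease.</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="it-continuity" name="it_dependency" type="radio" value="continuity-threatened">
      <label class="form-check-label" for="it-continuity"><i class="fa-solid fa-ban" aria-hidden="true"></i> Business Continuity Threatened: Organization cannot function.</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Measures the potential business impact of IT disruptions and helps prioritize security investments.</small>
</div>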
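<!-- Sensitive Data Level -->
<div class="mb-3 question basic-section" id="q7">
  <label class="form-label mt-3" id="q7-label">
    Sensitive Data Handled:
    <br>
    <small class="form-text text-muted">
      Select all applicable categories - Core risk driver
    </small>
  </label>
  <hr>
  {# Checkbox group named by the heading; icons are decorative. All boxes post under sensitive_data, so the server receives a list. #}
  {# NOTE(review): the answers describe which regulated data an organization holds; stored next to the contact email this form also collects, they warrant the same protection in transit and at rest as other confidential customer data. #}
  <div class="pb-3" role="group" aria-labelledby="q7-label">
    <div class="form-check">
      <input class="form-check-input" id="data-customer-pii" name="sensitive_data" type="checkbox" value="customer-pii">
      <label class="form-check-label" for="data-customer-pii"><i class="fa-solid fa-id-card" aria-hidden="true"></i> Customer Personally Identifiable Information (PII - e.g., names, addresses, email)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-employee-pii" name="sensitive_data" type="checkbox" value="employee-pii">
      <label class="form-check-label" for="data-employee-pii"><i class="fa-solid fa-user-tie" aria-hidden="true"></i> Employee Personally Identifiable Information (PII)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-phi" name="sensitive_data" type="checkbox" value="phi">
      <label class="form-check-label" for="data-phi"><i class="fa-solid fa-notes-medical" aria-hidden="true"></i> Protected Health Information (PHI)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-pci" name="sensitive_data" type="checkbox" value="pci">
      <label class="form-check-label" for="data-pci"><i class="fa-solid fa-credit-card" aria-hidden="true"></i> Payment Card Industry Data (PCI-DSS Scope)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-financial" name="sensitive_data" type="checkbox" value="financial">
      <label class="form-check-label" for="data-financial"><i class="fa-solid fa-file-invoice-dollar" aria-hidden="true"></i> Confidential Financial Information (Non-PCI)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-ip" name="sensitive_data" type="checkbox" value="ip">
      <label class="form-check-label" for="data-ip"><i class="fa-solid fa-lightbulb" aria-hidden="true"></i> Intellectual Property / Trade Secrets / R&amp;D Data</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-strategy" name="sensitive_data" type="checkbox" value="strategy">
      <label class="form-check-label" for="data-strategy"><i class="fa-solid fa-chess-king" aria-hidden="true"></i> Sensitive Business Strategy / M&amp;A Data</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-gov" name="sensitive_data" type="checkbox" value="government">
      <label class="form-check-label" for="data-gov"><i class="fa-solid fa-user-shield" aria-hidden="true"></i> Government Classified / Controlled Unclassified Information (CUI)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-ot" name="sensitive_data" type="checkbox" value="ot">
      <label class="form-check-label" for="data-ot"><i class="fa-solid fa-microchip" aria-hidden="true"></i> Critical Operational Technology (OT) Data</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-none" name="sensitive_data" type="checkbox" value="none">
      <label class="form-check-label" for="data-none"><i class="fa-solid fa-circle-xmark" aria-hidden="true"></i> None / Minimal Sensitive Data Handled</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Assesses the potential impact of data breaches and determines required security controls.</small>
</div>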
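<!-- Overall Sensitivity Level of Data Processed -->
<div class="mb-3 question basic-section" id="q8">
  <label class="form-label mt-3" id="q8-label">
    Overall Sensitivity Level of Data Processed:
    <br>
    <small class="form-text text-muted">
      Select one - Subjective rating of value/impact
    </small>
  </label>
  <hr>
  {# Single-choice group named by the heading; the lock icons only illustrate the level and are hidden from assistive technology. #}
  {# NOTE(review): data_sensitivity is a closed four-value scale; validate it as such on the server. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q8-label">
    <div class="form-check">
      <input class="form-check-input" id="sensitivity-low" name="data_sensitivity" type="radio" value="low" required>
      <label class="form-check-label" for="sensitivity-low"><i class="fa-solid fa-unlock" aria-hidden="true"></i> Low (Primarily public or non-sensitive internal data)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="sensitivity-medium" name="data_sensitivity" type="radio" value="medium">
      <label class="form-check-label" for="sensitivity-medium"><i class="fa-solid fa-lock-open" aria-hidden="true"></i> Medium (Some confidential business data, basic PII)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="sensitivity-high" name="data_sensitivity" type="radio" value="high">
      <label class="form-check-label" for="sensitivity-high"><i class="fa-solid fa-lock" aria-hidden="true"></i> High (Significant PII/PHI, Financial Data, Critical IP)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="sensitivity-very-high" name="data_sensitivity" type="radio" value="very-high">
      <label class="form-check-label" for="sensitivity-very-high"><i class="fa-solid fa-vault" aria-hidden="true"></i> Very High (Large volumes of highly sensitive data, regulated data, "crown jewel" IP)</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">
    Subjective rating of the value and impact of the data your organization processes.
  </small>
</div>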
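<!-- Intellectual Property (IP) Value -->
<div class="mb-3 question basic-section" id="q9">
  <label class="form-label mt-3" id="q9-label">
    Intellectual Property (IP) Value:
    <br>
    <small class="form-text text-muted">
      Select best description of IP's importance to the business model
    </small>
  </label>
  <hr>
  {# Single-choice group named by the heading; icons are decorative. #}
  {# NOTE(review): ip_value reuses the strings low, medium and high that data_sensitivity also posts; server-side validation should check each field against its own list. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q9-label">
    <div class="form-check">
      <input class="form-check-input" id="ip-value-low" name="ip_value" type="radio" value="low" required>
      <label class="form-check-label" for="ip-value-low"><i class="fa-regular fa-circle" aria-hidden="true"></i> Low: IP is not a significant differentiator or revenue driver.</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="ip-value-medium" name="ip_value" type="radio" value="medium">
      <label class="form-check-label" for="ip-value-medium"><i class="fa-solid fa-lightbulb" aria-hidden="true"></i> Medium: IP provides some competitive advantage or supports core products.</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="ip-value-high" name="ip_value" type="radio" value="high">
      <label class="form-check-label" for="ip-value-high"><i class="fa-solid fa-chess-king" aria-hidden="true"></i> High: IP is a primary source of competitive advantage and revenue.</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="ip-value-critical" name="ip_value" type="radio" value="critical">
      <label class="form-check-label" for="ip-value-critical"><i class="fa-solid fa-gem" aria-hidden="true"></i> Critical: Business model is fundamentally based on unique, high-value IP.</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">
    Indicates the strategic importance of intellectual property to your organization.
  </small>
</div>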
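<!-- Remote Workforce Percentage -->
<div class="mb-3 question basic-section" id="q10">
  <label class="form-label mt-3" id="q10-label">What percentage of your workforce operates remotely?</label>
  <hr>
  {# Single-choice group named by the question; icons are decorative. #}
  {# NOTE(review): the posted value is a bucket label such as "above-10", not a number; the server should match it against the four labels rather than parse it. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q10-label">
    <div class="form-check">
      <input class="form-check-input" id="remote-none" name="remote_workforce_percentage" type="radio" value="none" required>
      <label class="form-check-label" for="remote-none"><i class="fa-solid fa-building-user" aria-hidden="true"></i> None</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="remote-1-10" name="remote_workforce_percentage" type="radio" value="1-10">
      <label class="form-check-label" for="remote-1-10"><i class="fa-solid fa-user-house" aria-hidden="true"></i> 1-10%</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="remote-above-10" name="remote_workforce_percentage" type="radio" value="above-10">
      <label class="form-check-label" for="remote-above-10"><i class="fa-solid fa-people-roof" aria-hidden="true"></i> Above 10%</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="remote-unknown" name="remote_workforce_percentage" type="radio" value="unknown">
      <label class="form-check-label" for="remote-unknown"><i class="fa-solid fa-question-circle" aria-hidden="true"></i> I don't know</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Evaluates remote access security requirements and potential exposure to external threats.</small>
</div>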
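<!-- Third-Party Vendor Access -->
<div class="mb-3 question basic-section" id="q11">
  <label class="form-label mt-3" id="q11-label">How many third-party vendors have access to your systems?</label>
  <hr>
  {# Single-choice group named by the question; icons are decorative. #}
  {# NOTE(review): required on the first radio makes the browser insist on an answer, but a direct POST can omit third_party_vendor_access entirely; the server has to treat a missing value as invalid too. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q11-label">
    <div class="form-check">
      <input class="form-check-input" id="vendor-none" name="third_party_vendor_access" type="radio" value="none" required>
      <label class="form-check-label" for="vendor-none"><i class="fa-solid fa-ban" aria-hidden="true"></i> None</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="vendor-1-5" name="third_party_vendor_access" type="radio" value="1-5">
      <label class="form-check-label" for="vendor-1-5"><i class="fa-solid fa-handshake" aria-hidden="true"></i> 1-5</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="vendor-more-than-5" name="third_party_vendor_access" type="radio" value="more-than-5">
      <label class="form-check-label" for="vendor-more-than-5"><i class="fa-solid fa-people-group" aria-hidden="true"></i> More than 5</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="vendor-unknown" name="third_party_vendor_access" type="radio" value="unknown">
      <label class="form-check-label" for="vendor-unknown"><i class="fa-solid fa-question-circle" aria-hidden="true"></i> I don't know</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Assesses supply chain risk and the need for vendor security management.</small>
</div>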
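<!-- Internal Software Development -->
<div class="mb-3 question basic-section" id="q12">
  <label class="form-label mt-3" id="q12-label">
    Internal Software Development for Critical Applications:
    <br>
    <small class="form-text text-muted">
      Select one - Potential for introducing vulnerabilities
    </small>
  </label>
  <hr>
  {# Two-option group named by the heading; icons are decorative. #}
  {# NOTE(review): internal_software_development has only the values "none" and "some"; anything else posted should fail validation on the server. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q12-label">
    <div class="form-check">
      <input class="form-check-input" id="dev-none" name="internal_software_development" type="radio" value="none" required>
      <label class="form-check-label" for="dev-none"><i class="fa-solid fa-ban" aria-hidden="true"></i> No internal development of critical business applications.</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="dev-some" name="internal_software_development" type="radio" value="some">
      <label class="form-check-label" for="dev-some"><i class="fa-solid fa-code" aria-hidden="true"></i> Yes, some critical business applications are developed internally.</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Determines the need for secure development practices and application security measures.</small>
</div>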
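<!-- IT Infrastructure Model -->
<div class="mb-3 question basic-section" id="q13">
  <label class="form-label mt-3" id="q13-label">What is your primary IT infrastructure model?</label>
  <hr>
  {# Checkbox group named by the question; icons are decorative. #}
  {# NOTE(review): the question asks for the "primary" model, yet these are checkboxes, so several it_infrastructure values can be submitted together and none is required; confirm which is intended and validate accordingly on the server. #}
  <div class="pb-3" role="group" aria-labelledby="q13-label">
    <div class="form-check">
      <input class="form-check-input" id="it-on-prem" name="it_infrastructure" type="checkbox" value="on-premises">
      <label class="form-check-label" for="it-on-prem"><i class="fa-solid fa-server" aria-hidden="true"></i> On-premises systems</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="it-cloud" name="it_infrastructure" type="checkbox" value="cloud-based">
      <label class="form-check-label" for="it-cloud"><i class="fa-solid fa-cloud" aria-hidden="true"></i> Cloud-based systems</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="it-hybrid" name="it_infrastructure" type="checkbox" value="hybrid">
      <label class="form-check-label" for="it-hybrid"><i class="fa-solid fa-diagram-project" aria-hidden="true"></i> Hybrid infrastructure</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="it-legacy" name="it_infrastructure" type="checkbox" value="legacy">
      <label class="form-check-label" for="it-legacy"><i class="fa-solid fa-computer" aria-hidden="true"></i> Legacy systems</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="it-modern" name="it_infrastructure" type="checkbox" value="modern">
      <label class="form-check-label" for="it-modern"><i class="fa-solid fa-microchip" aria-hidden="true"></i> Modern architecture</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Determines specific cybersecurity controls.</small>
</div>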
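<!-- Network Infrastructure Model -->
<div class="mb-3 question basic-section" id="q14">
  <label class="form-label mt-3" id="q14-label">
    Network Infrastructure Model:
    <br>
    <small class="form-text text-muted">
      Select the primary model - Different inherent risks associated with each
    </small>
  </label>
  <hr>
  {# Single-choice group named by the heading; icons are decorative. #}
  {# NOTE(review): no radio in this group is marked required, unlike employee_headcount and the other single-choice questions earlier in the form; confirm whether an empty answer is meant to be accepted and enforce that decision in the Django form. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q14-label">
    <div class="form-check">
      <input class="form-check-input" id="network-onprem" name="network_infrastructure" type="radio" value="on-premise">
      <label class="form-check-label" for="network-onprem"><i class="fa-solid fa-server" aria-hidden="true"></i> Primarily On-Premise Data Centers</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="network-cloud" name="network_infrastructure" type="radio" value="cloud">
      <label class="form-check-label" for="network-cloud"><i class="fa-solid fa-cloud" aria-hidden="true"></i> Primarily Cloud-Based (IaaS, PaaS, SaaS)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="network-hybrid" name="network_infrastructure" type="radio" value="hybrid">
      <label class="form-check-label" for="network-hybrid"><i class="fa-solid fa-diagram-project" aria-hidden="true"></i> Hybrid (Significant mix of On-Premise and Cloud)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="network-ot" name="network_infrastructure" type="radio" value="ot-ics">
      <label class="form-check-label" for="network-ot"><i class="fa-solid fa-industry" aria-hidden="true"></i> Primarily Operational Technology (OT) / Industrial Control Systems (ICS)</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="network-complex" name="network_infrastructure" type="radio" value="complex-mix">
      <label class="form-check-label" for="network-complex"><i class="fa-solid fa-network-wired" aria-hidden="true"></i> Complex Multi-Cloud / Hybrid / OT mix</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Helps understand the complexity and vulnerability points in your technical environment.</small>
</div>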
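<!-- Geographic Operational Scope -->
<div class="mb-3 question basic-section" id="q15">
  <label class="form-label mt-3" id="q15-label">
    Geographic Operational Scope:
    <br>
    <small class="form-text text-muted">
      Select the best description - Complexity, regulatory diversity, geopolitical risk
    </small>
  </label>
  <hr>
  {# Single-choice group named by the heading; icons are decorative. #}
  {# NOTE(review): as with network_infrastructure, none of these radios is required in the markup; whether geographic_scope may be left blank should be settled and checked on the server, not left to the browser. #}
  <div class="pb-3" role="radiogroup" aria-labelledby="q15-label">
    <div class="form-check">
      <input class="form-check-input" id="geo-single-country" name="geographic_scope" type="radio" value="single-country">
      <label class="form-check-label" for="geo-single-country"><i class="fa-solid fa-location-dot" aria-hidden="true"></i> Single Country / Region</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="geo-multi-country" name="geographic_scope" type="radio" value="multi-country">
      <label class="form-check-label" for="geo-multi-country"><i class="fa-solid fa-earth-europe" aria-hidden="true"></i> Multiple Countries within one Continent</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="geo-multi-continent" name="geographic_scope" type="radio" value="multi-continent">
      <label class="form-check-label" for="geo-multi-continent"><i class="fa-solid fa-globe" aria-hidden="true"></i> Multiple Continents</label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="geo-global" name="geographic_scope" type="radio" value="global">
      <label class="form-check-label" for="geo-global"><i class="fa-solid fa-earth-americas" aria-hidden="true"></i> Global</label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Determines exposure to different cybersecurity regulations.</small>
</div>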
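<!-- Customer Base Distribution (q16): a single radio choice submitted as "customer_base". -->
<div class="mb-3 question basic-section" id="q16">
  <label class="form-label mt-3" id="customer-base-label">
    Customer Base Distribution:
    <br>
    <small class="form-text text-muted">
      Select best description - Concentration risk
    </small>
  </label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="radiogroup" aria-labelledby="customer-base-label">
    <div class="form-check">
      <input class="form-check-input" id="customer-highly-concentrated" name="customer_base" type="radio" value="highly-concentrated">
      <label class="form-check-label" for="customer-highly-concentrated">
        <i class="fa-solid fa-users-between-lines" aria-hidden="true"></i> Highly Concentrated (Few large customers)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="customer-moderately-distributed" name="customer_base" type="radio" value="moderately-distributed">
      <label class="form-check-label" for="customer-moderately-distributed">
        <i class="fa-solid fa-users" aria-hidden="true"></i> Moderately Distributed
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="customer-highly-distributed" name="customer_base" type="radio" value="highly-distributed">
      <label class="form-check-label" for="customer-highly-distributed">
        <i class="fa-solid fa-people-group" aria-hidden="true"></i> Highly Distributed (Many small customers)
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Assesses potential impact of data breaches.</small>
</div>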
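<!-- Primary Customer Type (q17): a single radio choice submitted as "customer_type". -->
<div class="mb-3 question basic-section" id="q17">
  <label class="form-label mt-3" id="customer-type-label">
    Primary Customer Type:
    <br>
    <small class="form-text text-muted">
      Select one - Nature of data handled, potential impact group
    </small>
  </label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="radiogroup" aria-labelledby="customer-type-label">
    <div class="form-check">
      <input class="form-check-input" id="customer-b2c" name="customer_type" type="radio" value="b2c">
      <label class="form-check-label" for="customer-b2c">
        <i class="fa-solid fa-user" aria-hidden="true"></i> Consumers (B2C)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="customer-b2b" name="customer_type" type="radio" value="b2b">
      <label class="form-check-label" for="customer-b2b">
        <i class="fa-solid fa-briefcase" aria-hidden="true"></i> Businesses (B2B)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="customer-b2g" name="customer_type" type="radio" value="b2g">
      <label class="form-check-label" for="customer-b2g">
        <i class="fa-solid fa-landmark" aria-hidden="true"></i> Government Agencies (B2G)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="customer-mix" name="customer_type" type="radio" value="mix">
      <label class="form-check-label" for="customer-mix">
        <i class="fa-solid fa-layer-group" aria-hidden="true"></i> Mix of B2C / B2B
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="customer-internal" name="customer_type" type="radio" value="internal">
      <label class="form-check-label" for="customer-internal">
        <i class="fa-solid fa-users-gear" aria-hidden="true"></i> Internal (e.g., Shared Service)
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Defines data protection requirements.</small>
</div>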
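<!-- Product/Service Portfolio Diversity (q18): a single radio choice submitted as "product_portfolio". -->
<div class="mb-3 question basic-section" id="q18">
  <label class="form-label mt-3" id="product-portfolio-label">
    Product/Service Portfolio Diversity:
    <br>
    <small class="form-text text-muted">
      Select best description - Impact concentration
    </small>
  </label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="radiogroup" aria-labelledby="product-portfolio-label">
    <div class="form-check">
      <input class="form-check-input" id="portfolio-focused" name="product_portfolio" type="radio" value="focused">
      <label class="form-check-label" for="portfolio-focused">
        <i class="fa-solid fa-bullseye" aria-hidden="true"></i> Highly Focused (1-2 core products/services)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="portfolio-moderate" name="product_portfolio" type="radio" value="moderate">
      <label class="form-check-label" for="portfolio-moderate">
        <i class="fa-solid fa-layer-group" aria-hidden="true"></i> Moderately Diversified
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="portfolio-diversified" name="product_portfolio" type="radio" value="diversified">
      <label class="form-check-label" for="portfolio-diversified">
        <i class="fa-solid fa-shapes" aria-hidden="true"></i> Highly Diversified Portfolio
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Indicates the variety of systems requiring protection.</small>
</div>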
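<!-- Dependency on Critical Suppliers (q19): a single radio choice submitted as "supplier_base". -->
<div class="mb-3 question basic-section" id="q19">
  <label class="form-label mt-3" id="supplier-base-label">
    Dependency on Critical Suppliers:
    <br>
    <small class="form-text text-muted">
      How dependent is your core operation on a small number of critical suppliers (non-IT or IT)?
    </small>
  </label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="radiogroup" aria-labelledby="supplier-base-label">
    <div class="form-check">
      <input class="form-check-input" id="supplier-low" name="supplier_base" type="radio" value="low">
      <label class="form-check-label" for="supplier-low">
        <i class="fa-solid fa-people-group" aria-hidden="true"></i> Low Dependency / Many alternatives available.
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="supplier-moderate" name="supplier_base" type="radio" value="moderate">
      <label class="form-check-label" for="supplier-moderate">
        <i class="fa-solid fa-handshake" aria-hidden="true"></i> Moderate Dependency / Some critical suppliers, but alternatives exist.
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="supplier-high" name="supplier_base" type="radio" value="high">
      <label class="form-check-label" for="supplier-high">
        <i class="fa-solid fa-link" aria-hidden="true"></i> High Dependency / Reliant on a few critical suppliers with limited alternatives.
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Assesses third-party cybersecurity risks.</small>
</div>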
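<!-- Intellectual Property Protection (q20): checkboxes, zero or more values submitted as "intellectual_property". -->
<!-- "No significant IP" is a checkbox in the same group; nothing in this markup stops it being sent together with the other options, so contradictory combinations have to be handled wherever the form is validated. -->
<div class="mb-3 question basic-section" id="q20">
  <label class="form-label mt-3" id="intellectual-property-label">How does your organization protect and manage intellectual property?</label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="group" aria-labelledby="intellectual-property-label">
    <div class="form-check">
      <input class="form-check-input" id="ip-patents" name="intellectual_property" type="checkbox" value="patents">
      <label class="form-check-label" for="ip-patents">
        <i class="fa-solid fa-certificate" aria-hidden="true"></i> Patents owned
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="ip-licensed" name="intellectual_property" type="checkbox" value="licensed-ip">
      <label class="form-check-label" for="ip-licensed">
        <i class="fa-solid fa-file-contract" aria-hidden="true"></i> Licensed IP from others
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="ip-trade-secrets" name="intellectual_property" type="checkbox" value="trade-secrets">
      <label class="form-check-label" for="ip-trade-secrets">
        <i class="fa-solid fa-user-secret" aria-hidden="true"></i> Trade secrets
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="ip-joint" name="intellectual_property" type="checkbox" value="joint-ip">
      <label class="form-check-label" for="ip-joint">
        <i class="fa-solid fa-people-arrows" aria-hidden="true"></i> Joint IP ownership
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="ip-none" name="intellectual_property" type="checkbox" value="no-ip">
      <label class="form-check-label" for="ip-none">
        <i class="fa-solid fa-circle-xmark" aria-hidden="true"></i> No significant IP
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Evaluates cybersecurity needs based on IP ownership.</small>
</div>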
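<!-- Sensitive Data (q21): checkboxes, zero or more values submitted as "sensitive_data_types". -->
<!-- Three ids carry a "-q22" suffix although this section is q21; they are left unchanged because code outside this block may refer to them. -->
<div class="mb-3 question basic-section" id="q21">
  <label class="form-label mt-3" id="sensitive-data-types-label">What type of sensitive data does your organization handle?</label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="group" aria-labelledby="sensitive-data-types-label">
    <div class="form-check">
      <input class="form-check-input" id="data-personal" name="sensitive_data_types" type="checkbox" value="personal">
      <label class="form-check-label" for="data-personal">
        <i class="fa-solid fa-id-card" aria-hidden="true"></i> Personal customer data
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-financial-q22" name="sensitive_data_types" type="checkbox" value="financial">
      <label class="form-check-label" for="data-financial-q22">
        <i class="fa-solid fa-file-invoice-dollar" aria-hidden="true"></i> Financial records
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-healthcare" name="sensitive_data_types" type="checkbox" value="healthcare">
      <label class="form-check-label" for="data-healthcare">
        <i class="fa-solid fa-notes-medical" aria-hidden="true"></i> Healthcare information
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-ip-q22" name="sensitive_data_types" type="checkbox" value="ip-property">
      <label class="form-check-label" for="data-ip-q22">
        <i class="fa-solid fa-lightbulb" aria-hidden="true"></i> Intellectual property
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-gov-q22" name="sensitive_data_types" type="checkbox" value="government">
      <label class="form-check-label" for="data-gov-q22">
        <i class="fa-solid fa-user-shield" aria-hidden="true"></i> Government data
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="data-payment" name="sensitive_data_types" type="checkbox" value="payment">
      <label class="form-check-label" for="data-payment">
        <i class="fa-solid fa-credit-card" aria-hidden="true"></i> Payment card data
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Identifies compliance frameworks.</small>
</div>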
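<!-- Integration of Critical Business Systems (q22): a single radio choice submitted as "integration_level". -->
<div class="mb-3 question basic-section" id="q22">
  <label class="form-label mt-3" id="integration-level-label">
    Integration of Critical Business Systems:
    <br>
    <small class="form-text text-muted">
      Select best description - Complexity, potential cascade failures
    </small>
  </label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="radiogroup" aria-labelledby="integration-level-label">
    <div class="form-check">
      <input class="form-check-input" id="integration-low" name="integration_level" type="radio" value="low">
      <label class="form-check-label" for="integration-low">
        <i class="fa-solid fa-plug-circle-xmark" aria-hidden="true"></i> Low: Systems largely operate independently.
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="integration-moderate" name="integration_level" type="radio" value="moderate">
      <label class="form-check-label" for="integration-moderate">
        <!-- The ampersand in the visible text is written as an entity so the markup stays valid. -->
        <i class="fa-solid fa-link" aria-hidden="true"></i> Moderate: Some key systems integrated (e.g., CRM &amp; ERP).
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="integration-high" name="integration_level" type="radio" value="high">
      <label class="form-check-label" for="integration-high">
        <i class="fa-solid fa-network-wired" aria-hidden="true"></i> High: Tightly integrated ecosystem, failure in one impacts many.
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="integration-complex" name="integration_level" type="radio" value="complex">
      <label class="form-check-label" for="integration-complex">
        <i class="fa-solid fa-diagram-project" aria-hidden="true"></i> Complex: Highly integrated, often involving legacy and modern systems.
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">Evaluates potential for cascade failures.</small>
</div>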
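<!-- Rate of Technology / Business Change (q23): a single radio choice submitted as "change_rate". -->
<div class="mb-3 question basic-section" id="q23">
  <label class="form-label mt-3" id="change-rate-label">
    Rate of Technology / Business Change:
    <br>
    <small class="form-text text-muted">
      Select best description - Higher change rate can increase risk
    </small>
  </label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="radiogroup" aria-labelledby="change-rate-label">
    <div class="form-check">
      <input class="form-check-input" id="change-low" name="change_rate" type="radio" value="low">
      <label class="form-check-label" for="change-low">
        <i class="fa-solid fa-hourglass-half" aria-hidden="true"></i> Low: Stable environment, infrequent major changes.
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="change-moderate" name="change_rate" type="radio" value="moderate">
      <label class="form-check-label" for="change-moderate">
        <i class="fa-solid fa-rotate" aria-hidden="true"></i> Moderate: Regular updates and some process changes.
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="change-high" name="change_rate" type="radio" value="high">
      <label class="form-check-label" for="change-high">
        <i class="fa-solid fa-bolt" aria-hidden="true"></i> High: Frequent major technology rollouts or business model shifts.
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">
    Higher change rates can increase risk and require more robust change management.
  </small>
</div>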
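<!-- Relevant Threat Actors (q24): checkboxes, zero or more values submitted as "threat_actors". -->
<!-- The "Top 2-3" limit exists only in the question text; these checkboxes accept any number of selections, so the limit has to be checked wherever the form is validated. -->
<div class="mb-3 question basic-section" id="q24">
  <label class="form-label mt-3" id="threat-actors-label">
    Relevant Threat Actors:
    <br>
    <small class="form-text text-muted">
      Select the Top 2-3 most relevant threat actor types based on your industry/data
    </small>
  </label>
  <hr>
  <!-- The question text above is not tied to any single input, so it names the whole group instead. -->
  <div class="pb-3" role="group" aria-labelledby="threat-actors-label">
    <div class="form-check">
      <input class="form-check-input" id="threat-cybercriminals" name="threat_actors" type="checkbox" value="cybercriminals">
      <label class="form-check-label" for="threat-cybercriminals">
        <i class="fa-solid fa-mask" aria-hidden="true"></i> Cybercriminals (financially motivated)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="threat-nation-state" name="threat_actors" type="checkbox" value="nation-state">
      <label class="form-check-label" for="threat-nation-state">
        <i class="fa-solid fa-flag" aria-hidden="true"></i> Nation-State Actors (espionage, disruption)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="threat-hacktivists" name="threat_actors" type="checkbox" value="hacktivists">
      <label class="form-check-label" for="threat-hacktivists">
        <i class="fa-solid fa-bullhorn" aria-hidden="true"></i> Hacktivists (ideologically motivated)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="threat-insider" name="threat_actors" type="checkbox" value="insider">
      <label class="form-check-label" for="threat-insider">
        <i class="fa-solid fa-user-secret" aria-hidden="true"></i> Insider Threats (malicious or accidental)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="threat-competitors" name="threat_actors" type="checkbox" value="competitors">
      <label class="form-check-label" for="threat-competitors">
        <i class="fa-solid fa-user-tie" aria-hidden="true"></i> Competitors (industrial espionage)
      </label>
    </div>
    <div class="form-check">
      <input class="form-check-input" id="threat-opportunistic" name="threat_actors" type="checkbox" value="opportunistic">
      <label class="form-check-label" for="threat-opportunistic">
        <i class="fa-solid fa-bug" aria-hidden="true"></i> Opportunistic Attackers (less sophisticated, broad attacks)
      </label>
    </div>
  </div>
  <small class="form-text text-muted py-3">
    Helps prioritize security controls and monitoring based on likely threats.
  </small>
</div>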
<!-- Step controls. "back" and "next" are type="button" and do not post the form by themselves; only "submit" does. -->
<!-- Both forward buttons read "Next"; which one is shown at a given step is presumably decided by the form script (confirm there). -->
<div class="d-flex justify-content-end mt-4">
  <button class="btn btn-lg btn-outline-secondary me-3" id="back" type="button">Back</button>
  <button class="btn btn-primary btn-lg" id="submit" type="submit">Next</button>
  <button class="btn btn-primary btn-lg" id="next" type="button">Next</button>
</div>
</form>
</div>
</div>
</div>
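<!-- First-party scripts, resolved through the static tag like the stylesheets in the head, so they follow the configured static URL instead of a hard-coded /static/ path. Load order is unchanged. -->
<script src="{% static 'js/formHandling.js' %}"></script>
<script src="{% static 'js/bootstrap.js' %}"></script>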
</body>