Assessment Model Updated
A couple of weeks ago, we surveyed all registered CampusCISO members about streamlining the capabilities used in the CYBER HEAT MAP model. Thank you to everyone who provided feedback. Your input is valuable as we continue to shape the tool to fit your needs!
Based on the survey results, we implemented the proposed changes to the assessment model today (March 5) and migrated all assessment answers and vendor solution mappings to the updated categories.
You may notice minor changes in some of your assessment scores after you save a new snapshot, but we did not identify any significant shifts when reviewing customer data.
If you notice any changes that don’t look correct, please email [email protected] for assistance.
Survey Results
Question 1
Should we remove the “Datacenter Security Suite” capability? This capability was intended to reflect vendor solutions that integrate endpoint and network protection products to work together when protecting datacenter assets, but most institutions are implementing endpoint protection and network protection separately rather than using this type of integrated solution.
Question 2
Should we remove the “Website Security Suite” capability? This capability was intended to reflect vendor solutions that integrate WAF, CDN, and DDoS mitigation products to work together when protecting datacenter assets, but most institutions are implementing these separately rather than using this type of integrated solution.
Question 3
Should we combine the “Cloud Email Security” and “Secure Email Gateway” capabilities into a single “Email Security” capability?We originally separated these capabilities to distinguish between on-premises email protection versus cloud protection, but as solutions adopt more cloud-based analysis tools, this distinction is becoming less valuable for planning.
Question 4
Should we combine the “Cloud Data Security” and “Cloud File Security” capabilities into a single “Cloud File Security” capability?We originally separated these capabilities to match review categories from vendor review services, but the functionality described in both capabilities is virtually identical. Combining them would remove some unnecessary data entry from the assessment process.