
The Irrational Security Monologue

  Published by: Joffy, Category: Information Security, Views: 841, Date: 2017-06-26

Ionize IRAP Checklist Builder

Since my last checklist went live a couple of years ago, I've added a few minor updates and tweaks; however, it has roughly stayed the same.

Looking over my website stats, I've seen on average about 140 unique downloads a month, which is quite a lot when you think about it. Check it out: Monthly downloads of ISM Checklist

New Codebase and API

So when I was asked to write an IRAP-focused Checklist for Ionize, I set about a complete rebuild of the tool, with brand new code focused on the workflow of the IRAP Scope and Audit phases.

In order to support hosting a new checklist-builder external to my website and the source-data, I had to completely redesign my ISM-API to support the types of information requests required to build all the controls out of the selected document and classification level.

This new API was also designed to support the TISM project, which is currently taking shape.

As for the new builder script itself, a new file-caching system means that building a worksheet from scratch every time is no longer required.

New Features

Whilst it's always good to provide as many features as possible, I designed this new checklist to NOT be all things to all people.

Classifications

With the above in mind, you can ONLY request one classification, which makes logical sense since one would never work on assessing different classifications at the same time in the one document - you would use a separate checklist for each system.

Control state

Two columns are available for each control: "In-Scope" for scoping the system under assessment, and a "Status" for the control itself when auditing. In addition to this, the Scope can be "Yes/No" and "Inherited" from a parent system - this ties directly into a hierarchical assessment of systems, which can assist in compartmentalising a large environment into logical and well-scoped systems to be assessed.

Fancy Colours

Row-highlighting is back, with extra logic to handle the two multi-select columns.

Header Rows

Not many people requested this feature, but I understand why it's important to their workflow, so I have included it as a feature. Rather than just hiding a header-row you can now choose to not have one at all.

Breakdowns

The "Overview" sheet is a welcome addition, which provides for a good breakdown of the current state of an assessment.

When I can get the PHPExcel library to behave, this page will also have graphs outlining your current position.

Get your worksheet

Head over to the Ionize IRAP Checklist website and grab yourself a copy - It's FREE!!

-J

