There are hundreds of cyber security compliance standards, and many businesses require their partners to comply with numerous and varied standards. "Unlike cybersecurity alone, cyber supply chain risk management focuses on gaining visibility and control not only over the focal organization but also over its extended enterprise partners, such as Tier 1/Tier 2 suppliers and customers. In addition, while cybersecurity emphasizes purely technical means of control, CSCRM seeks to engage both managerial and human factors engineering in preventing risks from disrupting IT systems\textquoteright operations."\cite{Gunn:2001:pdflatex} Keeping track of each company\textquoteright s compliance to a particular standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant.
There are hundreds of cyber security compliance standards, and many businesses require their partners to comply with numerous and varied [specifications]. Cyber supply chain risk management (CSCRM) differs from cyber security, by means of gaining a higher degree of governance over the company in question, and also over its extended enterprise partners, such as all its suppliers and customers. Whereas cybersecurity only considers security of a technical nature, CSCRM attempts to encompass both managerial and human factors in preventing risks from disrupting IT systems\textquoteright\operations.\cite{CSCRM} Keeping track of each company\textquoteright s compliance to a particular standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant.
Most SMEs will not be able to afford this - due to the time and experience level required, it might not be something a system administrator can do on top of their other responsibilities, and a consultant might be too expensive.
Most SMEs will not be able to afford this - due to the time and experience level required, it is unlikely to be something a system administrator will be able to do on top of their other responsibilities, and a consultant will, in all likelihood, be too expensive.
\section{Project aim}
An automatically generated cyber security compliance engine, could provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner\textquoteright s compliance, or their own compliance, with multiple standards.
An automatically generated cyber security compliance engine, could provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner\textquoteright s compliance - or their own compliance - with multiple standards.
The goal of this project is to create a client-server system that will generate and store compliance forms for the enduser. The forms will be automatically generated via an interface on the application by an\textquoteleftadmin\textquoteright, and accessible by \textquoteleft users\textquoteright. This will include the ability to update the forms at a later date. This project is a client-server system only, not an application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project.
The goal of this project is to create a client-server system that will generate and store compliance forms for the end-user. The forms will be automatically generated via an interface on the application by a user, and accessible by\textquoteleftpartners\textquoteright. Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will be able to update the forms\textquoteright\ parameters, and partners able to update their answers to the forms, at a later date. This project is a cloud-based application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project.
