Many businesses require their partners to comply with numberous and varied cyber security compliances, of which there are literally hundreds. Cyber supply chain risk management (CSCRM) differs from cyber security, by gaining a higher degree of governance over the company in question, and over its extended enterprise partners, such as all its suppliers and customers. Whereas cyber security only considers security of a technical nature, CSCRM attempts to encompass both managerial and human factors in preventing risks from disrupting IT systems\textquoteright\ operations. \cite{CSCRM}
Keeping track of each company\textquoteright s compliance to a particular standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be something a system administrator will be able to do on top of their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs.
Keeping track of each company\textquoteright s compliance to a specific standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be something a system administrator will be able to do on top of their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs.
\section{Project aim}
An automaticallygenerated cyber security compliance engine, could provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner\textquoteright s compliance - or their own compliance - with multiple standards.
An automatically-generated cyber security compliance engine, could provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner\textquoteright s compliance - or their own compliance - with multiple standards.
The goal of this project is to create a client-server system that will generate and store compliance forms for the end-user. The forms will be automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will be able to update the forms\textquoteright\ parameters, and partners will be able to update their answers to the forms, at a later date. This project is a cloud-based application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project.
