Deakin University NIST Toolkit

 

Learn how final year students are using Workflow86 to build a NIST cybersecurity self-assessment toolkit without having to write any code

Background πŸ”

Final year cybersecurity students at Deakin University are tasked with building a cybersecurity product as part of their capstone course. Various teams tackle different areas and problems. One teams was tasked with building a NIST Toolkit where users could perform an assessment based on the NIST framework, and then receive an automatically generated report with analysis on their answers, as well as recommendations.

The Problem πŸ˜•

The team had developed a lot of great content for the toolkit, including a comprehensive set of questions based on the NIST framework, a library of recommendations, a question scoring system that was customized based on industry, a process for how answers to questions would be matched with recommendations, and more.

All of this however was stored and implemented in excel spreadsheets. The team was stuck on how they could make the jump from spreadsheets to an actual digital product.

Most of the team were non-technical when it came to developing web applications. A basic front-end interface had been started, but not progressed very far. Perhaps the biggest challenge faced by the group was how they would be able to implement and maintain the complex back-end logic that was needed to perform scoring, recommendation selection and document generation would be handled. On top of this, there were still questions about deployment, file storage, access controls which would be required for the tool as well.

So whilst the team continued to develop the content for the NIST Toolkit, actual development of the product as a web application had not really progressed in 12 months.

A perfect fit for Workflow86 πŸ’ͺ

The problem faced by the team was a perfect fit for Workflow86. The students had developed a content embedded with subject matter expertise and a very complex workflow with business logic, reasoning, scoring calculations, recommendation matching, and document generation. Other no-code products which focused on more linear workflows or connecting different apps and services together weren’t able to meet what was required by the team.Β 

Workflow86 provided a single, easy to use no-code platform with all the tools and flexibility the team needed to build out their product. The online form builder provided the team with an easy way to create their NIST self-assessment questionnaire. The data from the form would then be processed by conditional logic and calculations, and then select recommendations from a knowledge bank to generate a report. All of this configured using drag and drop, without any code needing to be written.

Built-in versioning control allowed the team to iterate quickly and push changes from development to production with a single click. Team members could also work on the same workflow simultaneously, with different team members working on particular components at the same time without conflict.

Below is a very early snapshot of the basic workflow the team built out in just a few minutes when they started.

What’s next? πŸ€”

The team at Deakin have been busy working away, translating all aspects of their NIST toolkit from excel spreadsheets into the Workflow86 platform. They have gone from stalling for months on development to now being on track to have a functional MVP by the end of January.

Sign up for early access πŸ‘‡

To join as easy access users of Workflow86, go to get.workflow86.com

We are releasing invitations to early access users in batches over the coming weeks, so sign up now to get your spot.