The Client
SORGU is a Türkiye based service platform that centralizes an entire cybersecurity software, from conception and strategy to implementation and remediation.
Organizations incur large costs each year for IT regulation and compliance auditing, and they experience a loss of workforce. Depending on the size of the organization and the workload, these compliance studies can usually be carried out only once a year, and the change in compliance during the year cannot be followed on time. Cyber security risks caused by negative compliance changes reduce the Cyber Resilience of IT Infrastructure against evolving cyber threats.
SORGU provides,
Continuous Auditing by increasing audit/assessment periods,
Reliable maturity measurement by increasing the sampling size,
Data consolidation with its central app,
Time and resource savings with automation capabilities,
Capability to fix configuration errors centrally.
Requirements and Scope
SORGU came to our team at Software Development Department with the challenge of designing and developing their client platform, while also starting to do all the partners’ integration such as DTO (Digital Transformation Office of the Presidency of Republic of Türkiye).
So we started our agile process building first a POC, then an MVP of this platform where experts could work on their issues in a collaborative experience.
Approach and Process
The product will have two different interfaces, the admin interface and the user interface.
Admin interface: The interface where product management, advanced definitions can be made, attribute, attribute group, benchmarks, control items, adding scripts, user authorizations can be made, tasks can be created and associated with assets and asset groups.
User interface: The interface where adding and updating assets and assessments can be made, technical audit items can be run, reports can be created and assessment results can be viewed.
We initially researched the requirements (DTO Information and Communication Security Guide was taken as the main source) and main data with the team. Then, in order to group them in a meaningful way, we performed a closed-hybrid Card Sorting test with 9 people, especially the staff of the Corporate Information and Cyber Security Management Directorate. According to this;
- Which cards appear together most often
- How often cards appear in certain categories
It is located in the chart below:
Prior to the card sort I had done a very simple sitemap sketch based on the user journey, persona goals and intended navigation. I asked why these groups were chose and then reassessed my draft sitemap:
The card sort and new sitemap were then observed in detail, so we could sketch out new screens based on additional or amended stages with user flow. This was important to do, and added more to the prototype sketches & lo-fi wireframes with Balsamiq tool.
My role as the UI & UX designer was to consolidate all the ideas that the project founders and product managers were bringing to us, analyze their needs and also their end-users’ needs, and turn them into a tangible product. Taking feature by feature from the backlog we follow a series of steps to understand the problem, do user research, discover possibilities, user flows, wireframe the solution and then build and iterate based on user feedback until we achieve a polished experience.
The Result
SORGU launched its client platform in December 2021. Currently, it has 5 main features already running which we continue to iterate based on user feedback coming from the users. Sorgu will start to grow its providing cybersecurity-as-a-service.
Main Features:
Comprehensive Continuous Auditing and Compliance Tool
Automatic maturity calculations with cross-reference between standards, guidelines, checklists
Customizable Meta Model
Detailed analysis of assets
Gap analysis between Compliance and Configuration Audit results
This has been an interesting challenge since this was my first experience with the cybersecurity industry. I continue to learn a new language and standards while also trying to turn a highly technical and serious subject into an enjoyable experience.