Approach and Process
The product will have two different interfaces, the admin interface and the user interface.
Admin interface: The interface where product management, advanced definitions can be made, attribute, attribute group, benchmarks, control items, adding scripts, user authorizations can be made, tasks can be created and associated with assets and asset groups.
User interface: The interface where adding and updating assets and assessments can be made, technical audit items can be run, reports can be created and assessment results can be viewed.
We initially researched the requirements (DTO Information and Communication Security Guide was taken as the main source) and main data with the team. Then, in order to group them in a meaningful way, we performed a closed-hybrid Card Sorting test with 9 people, especially the staff of the Corporate Information and Cyber Security Management Directorate. According to this;
- Which cards appear together most often
- How often cards appear in certain categories
It is located in the chart below: