
CISO Platform Index

CISO PLATFORM INDEX REPORT 2015


Report submitted to the
Indian Institute of Technology, Kharagpur
In partial fulfillment
For the award of the degree
of

Master of Business Administration


by

Pratiksha Garnaik [14BM60039]

Under the guidance of


Prof. Abhijeet Chandra

VINOD GUPTA SCHOOL OF MANAGEMENT


INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR
August, 2015

Pratiksha Garnaik, VGSoM, IIT Kharagpur


CERTIFICATE

This is to certify that the summer internship report titled CISO Platform Index Report 2015,
submitted by Pratiksha Garnaik bearing Roll No. 14BM60039 to Indian Institute of
Technology, Kharagpur, is a record of bona fide research work under my supervision and I
consider it worthy of consideration for the award of degree of Master of Business
Administration in accordance with the regulation of the Institute.

Date:
_____________________

Supervisor


CERTIFICATE OF EXAMINATION

DD/MM/YYYY
Certified that the summer internship report titled CISO Platform Index Report 2015
submitted by Pratiksha Garnaik bearing Roll No. 14BM60039 to the Indian Institute of
Technology, Kharagpur, towards the partial fulfillment of the requirements for the award of
the degree Master of Business Administration has been accepted by the panel of examiners,
and that the student has successfully defended the work in the viva-voce examination held
today.

Panel Member 1

Panel Member 2

Panel Member 3

Panel Member 4


ACKNOWLEDGEMENT

This project could not have been successfully completed without help and support. I
would like to thank all of those who were responsible for the successful completion of this
project.

First of all, I would like to thank CISO Platform for giving me an opportunity to pursue
an internship with them and an opportunity to learn. I take great pleasure in presenting my
project that was carried out at CISO Platform, Koramangala.

I would like to thank Mr. Bikash Barai, Founder of IViZ Security, Koramangala
and Chief Advisor of CISO Platform, for taking time out of his busy schedule to guide me
throughout the project, providing his valuable feedback and correcting me whenever needed.
Working with him was a great learning experience.

I take great pleasure in expressing my gratitude to Mrs. Priyanka Aash, MD, CISO
Platform and Ms. Pritha Aash, Associate Analyst, CISO Platform for helping me in all
possible ways to complete this project successfully. I would also like to thank Prof. Abhijeet
Chandra for his valuable guidance and suggestions for the successful completion of this
project.

My heartiest gratitude goes to Mr. Abhishek Yadav, HR Head, CISO Platform for
streamlining my project with his interests and helping me fruitfully complete it.


Executive Summary
Over time, the influence of customer satisfaction ratings on buying decisions has increased.
In the field of Information Security, there is no index where customer satisfaction ratings
are put together and made public so that new customers can use those ratings before buying
a product. There is no common place where users' opinions about a product are available.

CISO Platform aims at making the work of CISOs easier. In an attempt to provide IT security
customers with a system which would rate products based on customer recommendation, a
unique framework called the CISO Platform Index (CPI) is to be formed. This would help
buyers compare the products and make a well-informed decision. This index would help
buyers identify the most used and preferred products and would act as a guide to make quick
decisions regarding which product to buy.

This study started with the collection of data from Chief Information Security Officers
through a survey. The survey collected ratings for IT security products on different
parameters on a scale of 1 to 10 (1 being the least). Different weightage was given to
different parameters and the CPI was calculated according to the ratings. The products for
which ratings were collected were mapped to appropriate domains. The products were mapped
according to their parameter ratings as well. Three product buckets were formed according
to CPI and analyst ratings.

At the end of this study, in different domains in the field of IT security, we were able to
identify the products which ranked highest according to customer satisfaction. Analyst
ratings were also obtained for all major products from major vendors in all identified
domains. This index is expected to make the job of CISOs easier while selecting a product
for their respective organisations. Selection of products can be better informed and
quicker if this index is used.


CONTENTS
1. ABOUT CISO PLATFORM
2. BACKGROUND AND MOTIVATION
2.1 Growing importance of Word of Mouth
2.2 Need of a customer-satisfaction based rating framework
3. OBJECTIVES
4. LITERATURE REVIEW
5. METHODOLOGY
5.1 Framework Building
5.2 Domain Identification
5.3 Data Collection
5.4 Bad Data Removal
5.5 Data Sorting
5.6 Use of Tools
5.7 Calculation Methodology
5.8 Analyst Rating
5.9 Product Bucket Categorization
6. RESULTS
6.1 Distribution of Responses across domains
6.2 Distribution of companies according to CPI
6.3 Domain-wise distribution of CPI rated Products
6.4 Domain-wise analysis
6.4.1 Application Security Testing (AST)
6.4.2 Endpoint Security (EPS)
6.4.3 Data Leakage Prevention (DLP)
6.4.4 Distributed Denial of Services (DDoS)
6.4.5 Firewall
6.4.6 IT Governance, Risk and Compliance (IT GRC)
6.4.7 Identity and Access Management (IAM)
6.4.8 Intrusion Detection/Prevention System (IDS/IPS)
6.4.9 Mobile Security
6.4.10 Secure email Gateway
6.4.11 Secure web Gateway
6.4.12 Unified Threat Management (UTM)
6.4.13 Security information and event Management (SIEM)
6.4.14 Web Application Firewall (WAF)
7. CONCLUSION AND RECOMMENDATIONS
8. REFERENCES
9. QUESTIONNAIRE AND DATA COLLECTED


ABOUT CISO PLATFORM


(Source: CISO Platform)

CISO Platform is a social media network dedicated to information security
leaders, providing its subscribed members with informative CISO insights, articles,
webinars etc. CISO Platform helps deliver the security insights necessary for CISOs
and senior IT leaders in corporations to make the right buying and implementation
decisions. The vision of the platform is to enable senior security executives to
share, learn and network with their peers. The flagship event, the Top 100 CISO award,
is an attempt to recognize the contributions that these extremely talented security
executives make in securing their businesses and creating a competitive edge to deliver
business value. Our conference/events allow us to provide up-to-date information on
all the latest trends in the Information Security field. Their goal is to provide the
highest quality information to CISOs to help them excel in their role.

1400+ Global CISOs as members: Online Social Network for CISOs to Network, Share and Learn
CISO Handbook: Precise Operational Handbook for the CISOs, by the CISOs
CISO Platform Index: First framework to evaluate products based solely on CISO recommendation
CISO Platform Annual Summit: Annual event where 200+ CISOs gather to share knowledge through 18 minute "Turbo Sessions"

Why is CISO Platform a great platform for CISOs across the country?
CISOs need an online presence. CISO Platform gives information security leaders
greater online exposure. Here on CISO Platform, you can showcase your hands-on
knowledge to an audience that might not otherwise find you. Content that we love is
immediately submitted to Google and heavily promoted on other social platforms like
Twitter, LinkedIn and StumbleUpon, meaning your content gets a far wider audience
than it might otherwise reach.
Simply by joining, information security leaders will be able to do the following:
Start a blog to demonstrate their thought leadership.
Participate in webinars as speakers or audience.
Build a profile page with contact details, logo, web address and a customizable
design area to showcase their services.
Ask questions to other peers on implementation or on their prior experiences.

They have a huge range of members globally who provide great opinion pieces, offer
advice and share their experiences in IT Security. Members include:
CIO
CISO
VP-IT
Director-IT
IT Manager


BACKGROUND AND MOTIVATION


To understand the need for a rating framework, it is necessary to understand the influence
of word of mouth and customer recommendation on buying behaviour.
The growing importance of word of mouth:
According to Nielsen, 92% of consumers believe recommendations from friends and family
over all forms of advertising. WOMMA and the American Marketing Association (AMA)
decided to find out exactly what brands were doing about that fact. In a recent study, 64% of
marketing executives indicated that they believe word of mouth is the most effective form of
marketing. However, only 6% say they have mastered it.
Word-of-mouth advertising is important for every business, as each happy customer can steer
dozens of new ones your way. And it's one of the most credible forms of advertising because
a person puts their reputation on the line every time they make a recommendation and that
person has nothing to gain but the appreciation of those who are listening.

(Source: https://moderncomment.com/customer-feedback-stats)

Need of a customer-satisfaction based rating framework:


While buying a new product or implementing a new technology in an organisation, we seek
user experience along with expert opinion. But at present, in the field of IT security, there
is no analysis available for the products or technologies in different domains. There is no
single place a customer can go where all customer recommendations are available, based on
the different parameters on which buying decisions are made. Thus the product selection
process becomes lengthy. This framework is expected to make the process easier and cut down
the time taken to complete the process.
Why do we need a CISO/User satisfaction based product/technology rating framework?
1. CISOs of an organisation can be considered as the most reliable people to provide the
most meaningful verdict for a product used in the organisation
2. With increasing use of social media, feedback from similar users would prove useful
while making a buying decision
3. At present there is no framework for IT security products that is acknowledged
worldwide and is based on user feedback.


OBJECTIVES

Through this project CISO Platform wishes to give its customers an index which they
can use as a quick reference to which product to prefer while making a buying
decision.

Products will be segregated into different buckets according to their ratings, both CPI
and analyst ratings.

To feature only those products which have got good ratings in the index.

Parameter-wise mapping of products will also be done so that the user can
segregate products according to his/her priorities.

All the above will be done for all identified domains in the field of Information Security.


LITERATURE REVIEW
People generally take expert opinions as well as user reviews before buying any product.
When it comes to any purchase for an organisation, proper decision-making becomes even
more critical because it affects not only the organisation in which it will be used but also the
customers it would be catering its products or services to. So getting reviews for products
before making a purchase becomes very important.
Some word of mouth facts:
The average consumer mentions specific brands over 90 times per week in conversations with
friends, family, and co-workers. (Keller Fay, WOMMA, 2010)
When asked "What sources influence your decision to use or not use a particular
company, brand or product?", 71% claim reviews from family members or friends exert a
great deal or fair amount of influence. (Harris Interactive, June 2010)
90% of consumers online trust recommendations from people they know; 70% trust opinions
of unknown users. (Econsultancy, July 2009)
The above-mentioned facts show that word of mouth has considerable influence on buying
decisions. But it is not always possible to get feedback on the products you need
through conversations. Thus, the need for a rating framework arises.
Advantages of a rating framework:
1. Common Platform- Ratings collected would be from a wide range of industries and a large
number of security professionals, so the framework can be helpful for a better overview of
a product's performance.
2. Parameter-wise evaluation- Sometimes some parameters are more important for some
organisations than others. So a framework where parameter-wise ratings are given for
different products can be useful.
3. Comparison with analyst rating- Sometimes user ratings alone are not adequate to make a
decision, especially when there is a lack of sufficient user ratings. Adding a new dimension
of analyst rating would help in making better decisions.

4. Quick Guide- A framework would save a lot of time and would help in making quick but
nevertheless well-informed decisions.
Many shopping websites have used some form of a rating framework to help their customers
while buying a product. Flipkart, for example, provides an average user rating for each
individual product that it offers for sale on its website. It takes user ratings on a scale
of 5 and provides details like the number of user votes and a breakup of user ratings. It
also provides a provision for writing user reviews.
IMDb, a rating framework which rates movies based on viewer feedback, uses a system in
which it takes ratings from viewers on a scale of 1 to 10. It then gives a consolidated
average rating on its website along with the genre, star cast, synopsis and other details
about a particular movie, which helps people decide whether to watch a movie or not.


METHODOLOGY
1. Framework building
The framework building started off with defining the parameters that a buyer evaluates
before making a decision. Four distinct parameters were identified which generally influence
the buying decision for an IT security product. A certain weightage was given to each
parameter based on its influence on buying behaviour. The weightage was decided by taking
expert opinion and interviewing a few CISOs.
The following parameters were identified, with their respective weightages:
a) Features of the product - 30%
b) Ease of Implementation - 30%
c) Return on Investment/Pricing - 10%
d) Support - 30%
CPI = (0.3*Feature Rating) + (0.3*Ease of Implementation Rating) + (0.1*ROI Rating) + (0.3*Support Rating)

2. Domain Identification
The major domains of IT security products were identified. The product evaluation and
comparison was done domain-wise. The major domains that were identified to which the IT
security products belonged were:
a) Application Security and Testing (AST)
b) Endpoint Security (EPS)
c) Data Loss Prevention (DLP)
d) Distributed Denial of Service (DDoS)
e) Firewall
f) IT Governance, Risk and Compliance (IT GRC)
g) Identity and Access Management (IAM)
h) Intrusion Detection/Prevention System (IDS/IPS)
i) Mobile Security
j) Secure email Gateway
k) Secure Web Gateway
l) Unified Threat Management (UTM)
m) Security Information and Events Management (SIEM)
n) Web Application Firewall (WAF)

3. Data Collection
Data was collected both online and offline. Chief Information Security Officers (CISOs) of
various organisations from different industry verticals were the respondents of the survey.
In the online data collection process, a form was circulated via email to CISOs of various
organisations, in which they had to rate the products they had used in their organisations
according to the defined parameters on a scale of 1 to 10, one being the least. They were
also asked to give an overall rating to the products according to their perception. Their
names and the organisations to which they belonged were also collected.
The offline questionnaire was similar to the online one. The data was collected during
the Decision Summit that happened in New Delhi, where a large number of CISOs from across
the country participated in the various seminars, events and training sessions. CISO
Platform was the organiser of the event.

4. Bad data removal


For the online data, appropriate filters were present in the questionnaire, so most of the
data was proper. Improper or bad data, if any, was removed during data sorting. The offline
data had a lot of discrepancies. These were removed during data entry, and further data
errors were removed during data sorting.

5. Data Sorting
Data sorting involved:
a) Finding out all unique product names by removing duplicates. A consolidated list of all
products was made.
b) Finding vendor names for each individual product if vendor name was not provided by the
respondent
c) Mapping the products to their respective domains for domain-wise analysis.

6. Use of Tool
Microsoft Excel was used for this project. Data filtering, sorting, calculations etc were all
done by various functions of MS Excel. Data plotting using graphs was also done using this
tool.

7. Calculation Methodology
Average ratings were taken for each individual product. A snapshot of the calculation is
given below. Similar procedure was implemented for all domains. The product names have
been masked because of company policies.

Microsoft Excel was also used to make the graphs representing the product ratings. Graphs
were made to represent the individual parameter ratings as well as the CPI ratings for
different products in each domain.

8. Analyst Rating
A second dimension of analyst rating was added to the framework. Analyst opinion was
obtained by developing a model in which a rating was given both to the products for which
ratings were obtained from the survey and to those for which there were no ratings but
which were competent products.

This started with studying the Gartner and Forrester reports and thus identifying the
prominent products in the particular domain.

Then a score was given to the products according to the product's position in
Gartner's Magic Quadrant and the Forrester Wave. The score given was calculated by
adding the x and y axis values on the Quadrant.

The average was taken for products which were present in both Gartner and Forrester.
For products which were present in only one of them, the score was taken directly.

To be featured on the quadrant at all, the identified products must already have ratings
above a certain value; their scores therefore needed to be scaled out of 10. The minimum
score was assumed to be 6. Thus the analyst score was calculated as follows:

Analyst Score = 6 + ((Average Score of Gartner and Forrester/10) * 4)

9. Product Bucket Categorization


CPI ratings were normalized by including only those products which had CPI >= 7 in the
normalized CPI list. The analyst and normalized CPI ratings were then added. Four buckets
of products were formed according to their added ratings:
a) Bucket 1: Colour - CISO Platform Blue - This bucket consists of products which had an
added rating of more than 10. This includes products which had a CPI rating >= 7 as well
as an analyst rating. These products are the ones a buyer must keep at a higher priority
while making a buying decision.
b) Bucket 2: Colour - Yellow - This bucket consists of products which had an added rating
>= the average of added ratings. This bucket may or may not contain products with CPI ratings.
c) Bucket 3: Colour - Grey - This bucket consists of products which had an added rating
< the average of added ratings. This bucket also may or may not contain products with CPI ratings.
d) Bucket 4: Colour - Red - This bucket consists of products which have CPI
ratings >= 7 but do not have an analyst rating according to our framework. These products
have got good customer feedback but are not yet popular enough.
A snapshot of the calculation of analyst rating and product bucket categorization is given
below for a particular domain. Similar calculations are done for all identified domains.
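
The calculation in steps 7 to 9, from raw survey rows to product buckets, shown as an added Python example that is not part of the original report. The sample rows and product names are constructed. Where the report does not say, the code assumes each quadrant axis is read on a 0-5 scale, that the average for Buckets 2 and 3 is taken over the products outside Buckets 1 and 4, and that unrated products with CPI below 7 are not featured.

```python
from statistics import mean

# Weights from the report's CPI formula (features, ease of implementation, ROI, support).
WEIGHTS = {"features": 0.3, "ease": 0.3, "roi": 0.1, "support": 0.3}
CPI_CUTOFF = 7.0      # only products with CPI >= 7 enter the normalized CPI list
ANALYST_FLOOR = 6.0   # minimum analyst score assumed by the report


def is_valid(resp):
    """Bad-data removal: all four ratings must be numbers on the 1-10 scale."""
    return all(
        isinstance(resp.get(k), (int, float)) and 1 <= resp[k] <= 10
        for k in WEIGHTS
    )


def cpi_by_product(responses):
    """Average each parameter per product, then apply the CPI weights."""
    grouped = {}
    for resp in responses:
        if is_valid(resp):
            grouped.setdefault(resp["product"], []).append(resp)
    return {
        product: sum(w * mean(r[k] for r in rows) for k, w in WEIGHTS.items())
        for product, rows in grouped.items()
    }


def analyst_score(positions):
    """positions: one (x, y) placement per report the product appears in.

    Assumption: each axis is read on a 0-5 scale, so x + y is out of 10.
    """
    raw = mean(x + y for x, y in positions)
    return ANALYST_FLOOR + (raw / 10) * 4


def assign_buckets(cpi, analyst):
    """Return {product: bucket number} following the four bucket rules."""
    added, buckets = {}, {}
    for product in set(cpi) | set(analyst):
        norm_cpi = cpi[product] if cpi.get(product, 0) >= CPI_CUTOFF else 0.0
        if product not in analyst:
            if norm_cpi:
                buckets[product] = 4   # good CPI, no analyst rating
            continue                   # assumption: otherwise not featured
        added[product] = analyst[product] + norm_cpi
        if added[product] > 10:
            buckets[product] = 1       # CPI >= 7 plus an analyst rating
    rest = [p for p in added if p not in buckets]
    if rest:
        # Assumption: the average is taken over the products not in Bucket 1 or 4.
        avg = mean(added[p] for p in rest)
        for p in rest:
            buckets[p] = 2 if added[p] >= avg else 3
    return buckets


# Constructed sample data; product names are placeholders.
RESPONSES = [
    {"product": "A", "features": 8, "ease": 7, "roi": 6, "support": 9},
    {"product": "A", "features": 9, "ease": 8, "roi": 7, "support": 8},
    {"product": "A", "features": 11, "ease": 7, "roi": 6, "support": 9},  # off-scale
    {"product": "B", "features": 6, "ease": 5, "roi": 7, "support": 6},
    {"product": "C", "features": 8, "ease": 8, "roi": 8, "support": 8},
    {"product": "F", "features": 4, "ease": None, "roi": 5, "support": 6},  # incomplete
]
POSITIONS = {
    "A": [(4, 3), (3, 2)],  # in both reports: scores 7 and 5 are averaged
    "B": [(4, 4)],
    "D": [(1, 1)],
    "E": [(3, 3)],
}


def run_example():
    """Compute CPI, analyst scores and buckets for the constructed data."""
    cpi = cpi_by_product(RESPONSES)
    analyst = {p: analyst_score(pos) for p, pos in POSITIONS.items()}
    return cpi, analyst, assign_buckets(cpi, analyst)


if __name__ == "__main__":
    cpi, analyst, buckets = run_example()
    for product in sorted(buckets):
        print(product, buckets[product],
              round(cpi.get(product, 0), 2), round(analyst.get(product, 0), 2))
```

Because the analyst score never falls below 6, any product with both a CPI of at least 7 and an analyst rating has an added rating of at least 13, which is why Bucket 1 is exactly the set of products rated well on both dimensions.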



RESULTS

Distribution of Responses across Domains- The following graph (Fig. 3) shows the
domain-wise distribution of the responses that were recorded.
Maximum responses were recorded from CISOs for Firewall products followed by
DLP products.

(Fig. 3)

Distribution of companies according to CPI-
o Of the products for which we calculated the CPI, only 14% of products had a CPI > 8.5.
o The majority of products, i.e. 65%, had a CPI in the range of 7 and 8.5.
o 21% of products had a CPI < 7.

(Fig. 4)


Domain-wise distribution of CPI rated products- The following graph (Fig. 5)
shows the distribution of products according to CPI across domains.

(Fig. 5)



DOMAIN-WISE ANALYSIS
1. Exhibit 1: Application Security Testing (AST)
Frequency of response for AST Products

Ratings of AST Products according to four different parameters:

Rating of AST products according to CPI

Product Buckets for AST Products



2. Exhibit 2: Endpoint Security (EPS)
Frequency of response for EPS Products:

Ratings of EPS Products according to four different parameters:

Rating of EPS Products according to CPI

Product Buckets for EPS Products



3. Exhibit 3: Data Loss Prevention (DLP)
Frequency of response for DLP Products

Ratings of DLP Products according to four different parameters:

Rating of DLP products according to CPI

[Pie chart legend: CPI<7, CPI>=7; segment labels: 33%, 67%]

Product Buckets for DLP Products



4. Exhibit 4: Distributed Denial of Service (DDoS)
Frequency of response for DDoS Products

Ratings of DDoS Products according to four different parameters:

Rating of DDoS products according to CPI

Product Buckets for DDoS Products



5. Exhibit 5: Firewall
Frequency of response for Firewall Products

Ratings of Firewall Products according to four different parameters:

Rating of Firewall products according to CPI

Product Buckets for Firewall Products



6. Exhibit 6: IT GRC
Frequency of response for IT GRC Products

Ratings of IT GRC Products according to four different parameters:

Rating of IT GRC products according to CPI

Product Buckets for IT GRC Products



7. Exhibit 7: Identity and Access Management (IAM)
Frequency of response for IAM Products

Ratings of IAM Products according to four different parameters:

Rating of IAM products according to CPI

Product Buckets for IAM Products



8. Exhibit 8: Intrusion Detection/Prevention System (IDS/IPS)
Frequency of response for IDS/IPS Products

Ratings of IDS/IPS Products according to four different parameters:

[Chart: Support rating for HP TippingPoint, McAfee IPS, Sourcefire, Symantec HIPS and IBM Proventia IPS; axis ticks 5.50, 7.50, 9.50]

Rating of IDS/IPS products according to CPI

Product Buckets for IDS/IPS Products



9. Exhibit 9: Mobile Security
Frequency of response for Mobile Security Products

Ratings of Mobile Security Products according to four different parameters:

Rating of Mobile Security products according to CPI

Product Buckets for Mobile Security Products



10. Exhibit 10: Secure email Gateway
Frequency of response for Secure email Gateway Products

Ratings of Secure email Gateway Products according to four different parameters:

Rating of Secure email Gateway products according to CPI

Product Buckets for Secure email Gateway Products



11. Exhibit 11: Secure Web Gateway
Frequency of response for Secure Web Gateway Products

Ratings of Secure Web Gateway Products according to four different parameters:

Rating of Secure Web Gateway products according to CPI

Product Buckets for Secure Web Gateway Products



12. Exhibit 12: UTM
Frequency of response for UTM Products

Ratings of UTM Products according to four different parameters:

Rating of UTM products according to CPI

Product Buckets for UTM Products



13. Exhibit 13: SIEM
Frequency of response for SIEM Products

Ratings of SIEM Products according to four different parameters:

Rating of SIEM products according to CPI

Product Buckets for SIEM Products



14. Exhibit 14: WAF
Frequency of response for WAF Products

Ratings of WAF Products according to four different parameters:

Rating of WAF products according to CPI

Product Buckets for WAF Products



CONCLUSION AND RECOMMENDATIONS

The product buckets for all identified domains were made.

The best products according to the rating framework are present in Bucket 1.

Bucket 1 products are good according to both customer satisfaction rating as well as
analyst rating.

Bucket 2 and Bucket 3 products are other prominent players in the market in the
respective domains, but customer feedback about them is not known.

Key learning from this project:

Data collection, filtering, sorting and mapping techniques for further data analysis

Overview of IT security trends and technologies and the companies that offer various
products in the market in different domains

Event Management: Got exposure to managing the CISO Platform Decision Summit, 2015
(aimed at practical discussions, specific implementations, checklists and metrics
used to help a CISO take better decisions) by coordinating various pre-event
activities.

Speaker at a customer event of Fortinet, a leading IT security solution provider.

Learnt about 360 degree marketing which includes re-marketing, social marketing etc.

Designing of questionnaires and how to conduct surveys.

Use the simplest of the Info-graphics so that it can be understood by all without the
need of being explained.

Future Scope of Study:

The framework can be made more efficient by collecting more data points by
reaching out to more CISOs.

People other than CISOs who have good knowledge of the products that have been
used in their organisations can be selected as respondents.

The framework can be improved by including the frequency of responses in the CPI
calculation formula.

The framework can be automated by standardising and using various database tools,
making the reflection of new data entries on the CPI easier and faster.

The data visualization can be improved to make it more user-friendly.


REFERENCES

[1] Martin Hugh J. [2013]. The Economics of Word of Mouth: Designing Effective
Social Media Marketing for Magazines

[2] Feiman J. and MacDonald N. [2014]. Gartner's Magic Quadrant Report for
Application Security Testing

[3] Firstbrook P., Girard J. and MacDonald N. [2014]. Gartner's Magic Quadrant
Report for Endpoint Protection

[4] Ouellete E. [2013]. Gartner's Magic Quadrant Report for Content aware Data Loss
Protection

[5] http://ddos-protection-services-review.toptenreviews.com/

[6] Hils A., Young G. and D'Hoinne J. [2015]. Gartner's Magic Quadrant
Report for Enterprise Network Firewall

[7] Witty R. [2014]. Gartner's Magic Quadrant for Business Continuity Management
Planning Software

[8] Wheeler J. [2014]. Gartner's Magic Quadrant for Operational Risk Management

[9] Pratap K. [2014]. Gartner's Market Guide for Audit Management Solutions

[10] Kreizman G. and Wynne N. [2015]. Gartner's Magic Quadrant for Identity and
Access Management

[11] Hils A., Young G. and D'Hoinne J. [2013]. Gartner's Magic Quadrant for
Intrusion Prevention Systems

[12] Gartner [2014]. Gartner's Magic Quadrant for Mobile Data Protection

[13] Firstbrook P. and Lowans B. [2014]. Gartner's Magic Quadrant for Secure email
gateways

[14] Orans L. and Firstbrook P. [2014]. Gartner's Magic Quadrant for Secure web
gateways

[15] D'Hoinne J., Hils A. and Young G. [2014]. Gartner's Magic Quadrant for
Unified Threat Management

[16] Nicolett M. and Kavanagh K. [2013]. Gartner's Magic Quadrant for Security
Information and Event Management

[17] D'Hoinne J., Hils A., Young G. and Feiman J. [2014]. Gartner's Magic Quadrant
for Web Application Firewall

[18] Cser A. and Maxim M. with Balaouras S., Blackborow J. and Dostie P. [2015].
Forrester Wave for Identity and Access Management

[19] Forrester [2015]. Forrester Wave for IT GRC

[20] Shields T. with Balaouras S. and Duong J. [2015]. Forrester Wave for
Application Security

[21] Holland R. [2012]. Forrester Wave for Email Content Security

[22] About CISO Platform, from the CISO Platform website and blogs,
http://www.cisoplatform.com/ (accessed on 27th July, 2015)

[23] Word of Mouth statistics from https://moderncomment.com/customer-feedback-stats (accessed on 27th July, 2015)

[24] Ambrose C. [2014]. Gartner's Magic Quadrant Report for IT Vendor Risk
Management


QUESTIONNAIRE
Please rate the IT Security products that you have used in your organizations based on
the given parameters on a scale of 1 to 10, 1 being the least

Domain | Product Name | Parameters: Overall Satisfaction | Feature Completeness | Ease of Implementation | ROI | Support
Name:
Organization:


SAMPLE OF COLLECTED DATA


The product names have been masked because of the sensitivity of data and the non-disclosure agreement with CISO Platform.

[Table of sample survey responses. Columns: S.No., Domain, Product Name, Overall, Features, Ease of Implementation, ROI, Support]