This template is an operationalization of Aikido Security's Cybersecurity checklist for CTOs. It provides a simple, very actionable list of security practices to assess and conform to, especially if you are a SaaS or software solution provider.
Aikido Security practices are categorized into 6 scopes (employees, infrastructure, code, etc.) and 3 stages (bootstrap, startup, scaleup). Our explorer board helps you check those practices to build a first understanding of the scope of the checklist, and which practices apply to your case.
Each card has concrete guidance as well as external links with references about good practices, and links to Aikido's own documentation when their own tools & features fit.
Our assessment board helps you easily assess your current situation for each recommended practice.
The template uses a simple green / orange / red traffic light. We recommend documenting or adapting the proposed scale though, for instance in terms of expected implementation and documentation practices. You can take inspiration from more detailed frameworks, like The CCB's Cyberfundamentals if needed.
For each practice where improvement is needed or a non-conformity is identified, create an action point.
You can follow all those action points in a Kanban board. You can use the full power of Klaro Cards to follow those actions, prioritize them, assign them to responsible people, limit work in progress to help delivery, etc. Just add the necessary dimensions for your needs.
Once in a while, take a step back with the Step back board. It shows, for each practice, your assessment and open action points. Use filters to explore your current scope, challenge it, extend it, etc. Then cycle through steps 2, 3 and 4 as needed.
If you need any help in using the Cyberfundamentals framework, our Klaro Cards template, or even conducting a Cybersecurity audit, assessment or follow-up, please reach us at firstname.lastname@example.org or book a call. We have the experts you need.