Assessment of controls, their level of implementation, and their effectiveness are all essential to risk assessment. BALLAST’s flexible architecture already helps you assess controls from a myriad of frameworks to understand the degree to which those controls affect risk, but now we are extending the functionality to give you more insight into possible compliance gaps.

We have just kicked-off development on our next set of new features for BALLAST, and many of them center around control gap analysis and implementation. Here are a few highlights of what you can expect to see in the next release.

Control Implementation Score. A new Control Implementation Score is being added to both assessments and dashboard reporting. On assessments, the Control Implementation Score will be displayed, once all control questions have been answered for a given threat. The score will indicate the percentage of controls that were answered “fully in place” to better inform your decision in rating the Likelihood of a threat event occurring. Similarly, a new chart will be added to the dashboard reporting for assessments that will provide an at-a-glance view of the level of implementation for all controls; whether they are fully in place, partially in place, or not in place. Better visibility into the state of implementation for controls will help you to track the overall adherence to security and regulatory standards and maturity of your security program.

Control Gap Analysis. Have you ever wondered how your control set stacks up against some of the other major control frameworks, such as ISO, NIST, or HIPAA? Well, with our next release of BALLAST, you will be able to perform control gap analysis to other select frameworks, based on the answers to related controls in your risk assessments. This crosswalk functionality will be initially released for our publicly available threat packages, but we will continue to expand on this functionality over time.

Control Level Assignments. Currently, within BALLAST, control questions are bundled into threats that they are designed to mitigate, and they are assigned at the threat level. However, sometimes it is necessary to delegate specific controls to the person in your organization who is in the best position to assess that control. So, with our next release, you will be able to assign at the control level to allow you to get more granular with your assignments. This feature will give you the added flexibility to delegate controls to the correct stakeholder within your organization.

These features, and more, are currently in development. Stay tuned for more information on the go-live date for these exciting new features.