blog home | jeff's home | vCISO services

Jeff Bryner .:. blog

Jeff's blog on infosec and other topics

12 May 2019

Qui Vive: A new risk framework

by Jeff


I know right? Another risk framework?! This one focuses not on the what but the why.

If you are like me, you see infosec folks all too often getting stuck in the what lane.

We are deplying a new EDR system! 
Just finished buying a new SIEM!

While these base infrastructure pieces are important, it can be hard to explain why they are important without a framework to allow you to tie these back to business impact/need. This is where Qui Vive can help.

Qui Vive: what’s in a name?

Qui Vive comes from the ‘who goes there’ call of the French Sentinel and signifies a state of heightened vigilance, and watchfullness.

This framework is meant to give you the same heightened awareness of why you are doing what you are doing.

The big idea

I’m a fan of the NIST Cybersecurity Framework (except the cyber part, but that’s a pet peeve). It’s categorization of infosec work into Identify, Protect, Detect, Respond, Recover effectively covers all activities in an easily relatable structure.

Qui Vive takes this framework and uses your own rating of your progress in the NIST CSF as an indicator of likelihood. Coupling that with Impact, Assets and Threats gives you a view into your state of affairs in an approachable methodology that you can use to explain why you are engaged in an infosec project.

The Framework

Here’s a link to the base, starter spreadsheet for Qui Vive.

The process is as follows:

You can then use this as a planning tool for areas that need further focus or prioritization. Since it’s a simple spreadsheet, you can fully customize the rankings, risk calc, etc.

Here’s an image of an in progress Qui vive session: semi-complete Qui Vive

Next steps & feedback

Grab yourself a copy here, give it a go with ratings for your environment and let me know how it works, what can be improved, things that aren’t clear, etc. Best bet is to open issues in the github repo.

tags: infosec - risk - framework