This project is the “Qualtrics Risk Analysis”. This project was started to create an easy to use questionnaire that could be used by both IT professionals and non-professionals alike. The questionnaire uses the NIST 800-53 framework. This questionnaire has been created for a cybersecurity committee.
This semester’s project goals were to:
- Update the questionnaire
- Reduce the number of questions
- Reduce the amount of time it takes to complete the questionnaire
- Design and implement a scoring and feedback system that provides a response at the end in the form of a risk matrix
This project included a good amount of research to design a method to incorporate this scoring and displaying in Qualtrics. This phase of the project focused on the feedback system. The feedback system consisted of (1) scoring, (2) embedded data, (3) piped text, and (4) display logic. All four configurations had to be completed for each question in the questionnaire. Each question received its own risk matrix. The risk matrices include the (1) risk, (2) vulnerability, (3) threat, (4) risk summary, (5) risk likelihood rating, (6) risk impact rating, (7) overall risk rating, (8) analysis of relevant controls/other factors, and (9) recommendations.
Project results:
The project was completed in late April 2019. Funding has been approved for pilot testing to begin in May 2019. The questionnaire was updated with a reduction in time to complete and the number of questions included. The feedback system has been completed and implemented. Each question received a detailed risk matrix including the categories outlined above. The following was completed:
- The questionnaire was reduced by 40 questions
- The questionnaire takes about 15 minutes less to complete now than before
- Every question is included in a risk matrix and detailed
- Updated design
- Updated front page image
- Updated flow and format
Project Student: Dylan Wolfe