ISF ASSURE

ISF Assure is a comprehensive framework developed by the Information Security Forum (ISF) to help organizations establish, maintain, and improve robust information security management systems

The problem

People didn’t start a business because they didn’t have access to business tools – 29%. They are unsure how to work with the tools/technology needed to run a business – 26%. They didn’t have enough time for a new venture – 25%, and they didn’t have support from friends, family and peers – 23%.

The Product

BeOwner is a Toronto-based organization that helps entrepreneurs to start a business. The organization needs a tool to help people get up and run a business. BeOwner’s primary target includes people between 20-50-year-old that have a business idea and don’t know how to start, get mentorship, obtain finances and build a professional network to make them successful.

The Goal

Design an app and responsive website that will help people with access to information, advice, finances, tools and a business network to start and run a successful business. All of these will be available in one place, in person, and over the internet.

Responsibilities

I conducted interviews and created paper and digital wireframing and low and high-fidelity prototyping. Also, conducting usability studies, accounting for accessibility, iterating on designs, determining information architecture, and responsive design.

My Role:

UX designer leading the CinemaMovie responsive website design

Software:

Figma, Adobe Illustrator, Adobe Photoshop, Miro

Aug. to Sept. 2022

Duration:

Google UX Design

Project:

This is some text inside of a div block.
The Problem

The story of ISF ASSURE

ISF Assure was originally conceived as a powerful platform designed to empower organisations with robust cybersecurity tools and methodologies. However, as the platform evolved, it became clear that users were struggling to fully harness its potential. The complexity of certain tools, fragmented user experience, and lack of clear guidance were creating barriers to effective implementation.

Recognising these challenges, the ISF team set out on a mission to redesign the customer journey. Their goal was to create a more intuitive, integrated, and supportive experience that would not only simplify the adoption of ISF tools but also empower users to take a holistic approach to cybersecurity with confidence and clarity.

The Challenge

Issues that needed to be addressed

The ISF tools team presented a business case for the upgrade of Assure portal 1 to Assure portal 2. It was an end-to-end solution designed to lift our approach to promoting, demonstrating and empowering users with integrated ISF tools, methodologies and aligned materials.

Issue # 1

The process of implementing the tools, feels overwhelming. There’s no clear, step-by-step journey that I can follow, and the platform doesn’t offer a modular approach that would allow me to tackle the implementation in manageable phases.

Issue #2

The ISF tools on the platform don’t feel fully integrated. I often find myself jumping between different sections and resources, This fragmented experience is frustrating and makes it hard to adopt a comprehensive approach to cybersecurity.

Issue #3

There aren’t many options for customisation.
I would love to set up my dashboard with quick links to the tools and reports I use most frequently

Design Review

Opportunity Mapping

Oppotunity #1

To Develop a personalised dashboard that highlights relevant content, upcoming events, and recommended resources based on the member’s profile and interests. Customisable notification settings can ensure members receive timely updates on topics they care about.

Opportunity #2

Establish dedicated support teams to assist members with navigating the platform, accessing resources, and utilizing tools effectively. Prompt and personalized support can significantly enhance the member experience.

Opportunity #3

Implement regular feedback mechanisms, such as surveys and suggestion boxes, to gather input from members on their experiences and needs. Actively responding to feedback and making improvements based on member suggestions can boost satisfaction and engagement.

Design & Research Tool kit

Figma
Photoshop
Sketch
invision
Maze
User personas

Our Audience

Persona #1

Chief Information Security Officers (CISOs): CISOs are responsible for overseeing an organization's information security strategy. ISF Assure provides them with tools, frameworks, and insights to develop and implement effective security policies, manage risks, and ensure compliance with industry standards​​.

Persona #2

Information Security Managers: These professionals manage the day-to-day operations of an organization’s information security. They use ISF Assure to access best practices, conduct risk assessments, and stay informed about emerging threats and mitigation strategies​ (Information Security Forum)​.

Persona #3

Risk and Compliance Officers: These individuals ensure that an organisation complies with relevant laws, regulations, and standards. ISF Assure offers resources to help them navigate complex regulatory environments, manage compliance, and maintain robust risk management practices​.

Persona #4

Security Analysts: Analysts are on the front lines of identifying and responding to security threats. They can use ISF Assure to access the latest threat intelligence, research reports, and technical guidance to enhance their threat detection and response capabilities​​.

Research

Competitors

Insight #1

Simplified navigation, clear hierarchies, and intuitive layouts help users find what they need quickly and reduce cognitive load. ISF Assure could benefit from a similar approach by streamlining its design to make the user experience more accessible, especially for complex tools like IRAM2.

Insight #2

Competitors often include built-in tutorials, guided walkthroughs, and contextual help directly within the platform. This approach helps users understand how to use tools effectively without needing to leave the platform or consult external resources.

Insight #3

Competitor platforms increasingly allow users to customize their experience by selecting and arranging modules or components based on their specific needs. Adopting a modular design in ISF Assure would enable users to implement tools in a phased manner, reducing the feeling of being overwhelmed and promoting a more personalized experience.

User interviews

Listening and understanding

In total, we spoke to 25 different ISF members from three categories: Single-Tool Users, Multi-Tool Users, and Comprehensive Tool Users. All users prioritised seeing risk result data and identifying gaps in their cybersecurity regime.

However, we soon learned that Single-Tool Users were more interested in seeing how the tool could streamline specific tasks or address immediate needs in their current processes.

Multi-Tool Users wanted to see how the different tools could integrate and provide a more cohesive overview of their security posture.

Comprehensive Tool Users, on the other hand, were focused on leveraging the full suite to gain deep insights, track progress over time, and ensure that all aspects of their cybersecurity strategy were being effectively managed and optimised.

#1 Key issue identified

Users often find the platform's interface complex and not very intuitive. The difficulty in navigating through the vast amount of content and finding specific resources quickly can be frustrating.

#2 Key issue identified

There are occasional problems with logging in and maintaining session integrity. Users sometimes report difficulties with the login process, such as forgotten passwords or issues with accessing their accounts despite entering correct credentials.

#3 Key issue identified

A need to develop and demonstrate a light version of the tool kit to help users who require less complex solutions, ensuring accessibility and ease of use.

#4 Key issue identified

An urgent need for a clear, transparent roadmap system development to guide stakeholders through our tool evolution.

#5 key issue

Users not fully benefiting from the comprehensive suite of tools available, leading to underutilisation and missed opportunities for enhanced security.

ISF ASSURE

Site Map

Design

The Solution

A new color palette was introduced alongside updated labeling and a navigation tab, making it easier for members to identify the different tools available for uploading information. This enhancement allows members to more efficiently access and contribute to the ISF Assure dashboard, directly influencing their confidentiality score and overall security assessment.

By redesigning the ISF from the ground up, we were able to bring in the most relevant information, including top security risks, threat types, the maturity of frameworks that have risks associated to them and historical maturity data, allowing members to analyse different types of risks determining whether they are accidental, adversarial or environmental.

Top risks have been categorised and coloured into 5 main sections including; Social Engineering, Ransomware, Access or Privilege Misuse, Physical and Compromised/Weak Credentials. Users can access a timeline to see how severe the threat is and set a course of action, choosing either to accept the risk, manage the risk or offset the risk.

Alerts allow you to access and manage threats in real time, providing immediate notifications of potential security incidents. This enables organizations to respond quickly, mitigating risks before they escalate into more serious issues. By staying informed through real-time alerts, you can take proactive measures to protect your systems and data, ensuring a robust and resilient cybersecurity posture.

Outcome

#1 Managing Unexpected Reactions

In the Cyber Security industry, trust is everything. Even small changes to the digital experience can have significant impacts. During the ISF Assure project, we faced the challenge of gaining peoples trust when redesigning product features and introducing new items that users wern't familiar with. Our solution was to introduce a step by step list of instructions that were interactive so that users could test and play with the portal.

#2 Navigating Complex Systems

ISF Assure is built on a foundation of interconnected microservices and legacy systems, making any modification a complex task. Despite careful planning, we frequently encountered unforeseen obstacles that required quick thinking and adaptability. The ability to reassess and adjust our approach was critical to keeping the project on track. There were many instances where our team had to come together to brainstorm alternative solutions when the original plans didn’t pan out. This flexibility was key to overcoming technical challenges and successfully delivering the project.

#3 Systematic Design Approach

A systematic approach to design was a central focus in the ISF Assure project. We prioritised the user experience by carefully considering which elements were most important in each context. By leveraging existing components from the ISF Design System, which were already tested for accessibility and usability, we ensured consistency and efficiency. While creating new UI elements was tempting, refining existing ones helped us improve both our features and the overall product.

#4 Understanding User Journeys

A deep understanding of user journeys was crucial to the success of the ISF Assure project. Users interacted with the platform for a variety of reasons - whether to understand relevant threats, how to offset these threats, or the damage rating these threats might have on organisations if carries out. We found that some users preferred managing their environmental, adverserial and accidental threats directly through the app, while others began their journey through other ISF Tools. Recognising these diverse entry points and tailoring the experience accordingly was essential to meeting our users’ needs effectively.

#5 Embracing Diverse Perspectives

Throughout the ISF Assure project, gathering and considering diverse perspectives proved to be invaluable. We engaged with a range of stakeholders, including internal teams, external partners, and, most importantly, our users. Feedback from beta testers and early adopters was crucial in refining our design. Social media conversations and direct user input provided important insights—sometimes praising our work, other times highlighting areas for improvement. These diverse perspectives helped us iterate and enhance the product, ensuring it met the high standards our users expect.

See More
Copyright 2024
Charles Cross UX Design