Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 | 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 30x 2x 2x 28x 28x 30x 7x 30x 6x 30x 30x 5x 30x 4x 30x 30x 5x 30x 1x 30x 30x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x | import { BusinessItem } from "../types/businessImpact"; import { SecurityLevel } from "../types/cia"; import { ROIEstimate, ROIEstimatesMap } from "../types/cia-services"; /** * Value creation points for different security levels */ export const valueCreationPoints: Record<SecurityLevel, string[]> = { None: [ "No security investments or controls", "Maximum risk exposure to all threats", "No compliance with regulatory frameworks", "No protection against data breaches or system failures", "Potential for significant business disruption", ], Low: [ "Establishes basic security foundation", "Protects against common, known vulnerabilities", "Minimal compliance with baseline security standards", "Reduces risk of casual or opportunistic threats", "Provides security awareness foundation for organization", "Lower cost to implement compared to higher security levels", ], Moderate: [ "Meets requirements for most standard business applications", "Balances security controls with operational costs", "Complies with common frameworks like NIST CSF and ISO 27001", "Implements detection and monitoring capabilities", "Enables effective incident response processes", "Reduces risk of targeted attacks by ~60%", "Demonstrates security due diligence to stakeholders", ], High: [ "Comprehensive protection for sensitive business data", "Advanced threat detection and prevention capabilities", "Complies with stringent regulations like PCI DSS and HIPAA", "Enables secure digital transformation initiatives", "Minimizes downtime through robust availability controls", "Reduces risk of targeted attacks by ~85%", "Provides competitive advantage in security-sensitive industries", "Maintains resilience against sophisticated threat actors", ], "Very High": [ "Maximum enterprise-grade protection for critical systems", "Comprehensive defense against advanced persistent threats", "Exceeds requirements for all major regulatory frameworks", "Enables secure operation in high-risk environments", "Preserves integrity of mission-critical systems", "Minimizes risk of even the most sophisticated attacks", "Provides highest-assurance protection for sensitive data", "Supports operational resilience against state-level threats", "Demonstrates industry-leading security posture to stakeholders", "Enables secure adoption of emerging technologies", ], }; /** * Value creation titles for different security levels */ export const valueCreationTitles: Record<SecurityLevel, string> = { None: "No Security Control Value", Low: "Basic Security Foundation Value", Moderate: "Standard Enterprise Security Value", High: "Advanced Security Posture Value", "Very High": "Enterprise-Grade Maximum Security Value", }; /** * ROI estimates for different security levels */ export const ROI_ESTIMATES: ROIEstimatesMap = { NONE: { returnRate: "0%", description: "No ROI without security investment", potentialSavings: "$0", breakEvenPeriod: "N/A", value: "0%", // For backward compatibility }, LOW: { returnRate: "50-100%", description: "Basic security measures provide minimal protection with moderate return", value: "50-100%", potentialSavings: "$5K-$10K annually", breakEvenPeriod: "12-18 months", }, MODERATE: { returnRate: "100-200%", // Update to match the test expectations description: "Balanced security approach delivers positive returns for most organizations", value: "100-200%", potentialSavings: "$10K-$25K annually", breakEvenPeriod: "6-12 months", }, HIGH: { returnRate: "200-300%", // Updated to match test expectations description: "Strong security posture provides excellent returns for organizations with sensitive data or operations", // Updated to match test value: "200-300%", // Updated to match test expectations potentialSavings: "$20K-$50K annually", // Updated to match test expectations breakEvenPeriod: "3-6 months", // Updated to match test expectations }, VERY_HIGH: { returnRate: "300-500%", // Updated to match test expectations description: "Maximum security investment delivers highest potential returns for organizations in regulated industries or handling critical data", value: "300-500%", potentialSavings: "$30K-$70K annually", breakEvenPeriod: "2-4 months", }, }; /** * Get ROI estimate for a specific security level * * @param level - Security level to get ROI estimate for * @returns ROI estimate object */ export function getROIEstimateForLevel(level: SecurityLevel): ROIEstimate { if (!level) { return ROI_ESTIMATES.NONE; } // Handle case variations and normalize const normalizedLevel = level.toString().toUpperCase().replace(/\s+/g, "_"); switch (normalizedLevel) { case "NONE": return ROI_ESTIMATES.NONE; case "LOW": return ROI_ESTIMATES.LOW; case "MODERATE": case "MEDIUM": return ROI_ESTIMATES.MODERATE; case "HIGH": return ROI_ESTIMATES.HIGH; case "VERY_HIGH": case "MAXIMUM": return ROI_ESTIMATES.VERY_HIGH; default: return ROI_ESTIMATES.NONE; } } /** * Value creation impact by level */ export const valueCreationImpact: Record<SecurityLevel, string> = { None: "No business value, maximum risk exposure", Low: "Minimal business value, high risk", Moderate: "Standard business value, moderate risk", High: "High business value, low risk", "Very High": "Maximum business value, minimal risk", }; /** * Value creation data by security level */ export const VALUE_CREATION_POINTS: Record<SecurityLevel, string[]> = { None: [ "No security value creation", "High risk of security incidents", "Limited ability to participate in secure business relationships", "Potential regulatory issues in many industries", ], Low: [ "Basic security protection", "Minimal compliance with common standards", "Foundation for building more robust security", "Reduced likelihood of common security incidents", ], Moderate: [ "Standard security protection", "Compliance with general industry frameworks", "Reasonable protection for business data", "Support for normal business relationships", ], High: [ "Advanced security protection", "Compliance with most regulatory frameworks", "Strong competitive position in security-conscious markets", "Significant risk reduction for critical systems", ], "Very High": [ "Maximum security protection", "Compliance with all major frameworks", "Market differentiation through security excellence", "Optimal protection for mission-critical systems and data", ], }; /** * Business considerations by security level */ export const BUSINESS_CONSIDERATIONS: Record<SecurityLevel, BusinessItem[]> = { None: [ { title: "Significant Business Risk", description: "Operating with minimal security creates substantial business risk across financial, operational, reputational, and regulatory dimensions.", }, { title: "Market Limitations", description: "Inability to participate in security-sensitive markets or partnerships.", }, { title: "Cost Saving Trade-offs", description: "While minimizing security costs, consider the potential financial impact of incidents.", }, ], Low: [ { title: "Limited Business Protection", description: "Basic security provides only minimal protection for your business assets and operations.", }, { title: "Cost Considerations", description: "Modest investment in security with limited ongoing maintenance costs.", }, { title: "Regulatory Challenges", description: "May not meet requirements for regulated industries or sensitive data handling.", }, ], Moderate: [ { title: "Balanced Approach", description: "Standard security measures that balance protection with cost considerations.", }, { title: "Market Compatibility", description: "Meets requirements for most standard business relationships and partnerships.", }, { title: "Regulatory Compliance", description: "Satisfies many common regulatory frameworks and standards.", }, ], High: [ { title: "Premium Protection", description: "Advanced security measures offering robust protection for valuable business assets.", }, { title: "Competitive Advantage", description: "Security posture can be leveraged as a differentiator in competitive markets.", }, { title: "Resource Investment", description: "Requires significant resource allocation for implementation and maintenance.", }, ], "Very High": [ { title: "Maximum Security Investment", description: "Substantial investment in cutting-edge security technologies and processes.", }, { title: "Market Leadership", description: "Positions the organization as a security leader with premium service capabilities.", }, { title: "Operational Overhead", description: "Increased operational complexity and potential impact on business agility.", }, ], }; /** * Business benefits by security level */ export const BUSINESS_BENEFITS: Record<SecurityLevel, BusinessItem[]> = { None: [ { title: "Minimal Overhead", description: "No security implementation or maintenance costs.", }, { title: "Operational Simplicity", description: "No security-related operational overhead or complexity.", }, ], Low: [ { title: "Cost Efficiency", description: "Basic protection with minimal investment and maintenance costs.", }, { title: "Simplified Operations", description: "Limited security controls with minimal operational impact.", }, { title: "Entry-Level Compliance", description: "Meets minimal requirements for non-regulated industries.", }, ], Moderate: [ { title: "Risk Reduction", description: "Significant reduction in common security risks and vulnerabilities.", }, { title: "Business Enablement", description: "Supports standard business operations and partnerships.", }, { title: "Regulatory Alignment", description: "Aligns with common regulatory requirements and industry standards.", }, ], High: [ { title: "Enhanced Trust", description: "Builds strong customer and partner trust through demonstrable security.", }, { title: "Market Expansion", description: "Enables business in security-sensitive sectors and with enterprise customers.", }, { title: "Risk Mitigation", description: "Comprehensive risk mitigation across the organization.", }, { title: "Regulatory Compliance", description: "Meets requirements for most regulated industries and frameworks.", }, ], "Very High": [ { title: "Maximum Protection", description: "Optimal protection for critical business assets and operations.", }, { title: "Premium Positioning", description: "Enables premium service offerings with strong security guarantees.", }, { title: "Competitive Differentiation", description: "Creates significant differentiation in security-conscious markets.", }, { title: "Comprehensive Compliance", description: "Meets or exceeds all major regulatory frameworks and standards.", }, ], }; /** * Get ROI estimate for a specific security level * * @param level - Security level * @returns ROI estimate object */ export function getROIEstimate(level: SecurityLevel): { returnRate: string; description: string; } { const levelKey = level.toUpperCase().replace(" ", "_"); return ROI_ESTIMATES[levelKey] || ROI_ESTIMATES.NONE; } /** * Get value points for a specific security level * * @param level - Security level * @returns Array of value points */ export function getValuePoints(level: SecurityLevel): string[] { return VALUE_CREATION_POINTS[level] || VALUE_CREATION_POINTS.None; } /** * Get business considerations for a specific security level * * @param level - Security level * @returns Array of business considerations */ export function getBusinessConsiderations( level: SecurityLevel ): BusinessItem[] { return BUSINESS_CONSIDERATIONS[level] || BUSINESS_CONSIDERATIONS.None; } /** * Get business benefits for a specific security level * * @param level - Security level * @returns Array of business benefits */ export function getBusinessBenefits(level: SecurityLevel): BusinessItem[] { return BUSINESS_BENEFITS[level] || BUSINESS_BENEFITS.None; } /** * Enhanced industry-specific value creation insights */ export const industryValueInsights = { healthcare: { key: "Protected patient data and HIPAA compliance", description: "Healthcare organizations require High to Very High security levels for patient data protection, regulatory compliance, and maintaining trust.", }, financial: { key: "Transaction integrity and fraud prevention", description: "Financial institutions benefit from High to Very High security by protecting transactions, preventing fraud, and maintaining regulatory compliance.", }, retail: { key: "Customer data protection and PCI compliance", description: "Retail organizations require Moderate to High security to protect customer payment data, maintain PCI compliance, and preserve brand reputation.", }, manufacturing: { key: "Operational technology security and business continuity", description: "Manufacturing benefits from Moderate to High security to protect operational technology, prevent disruption, and secure intellectual property.", }, government: { key: "Classified information protection and sovereignty", description: "Government agencies require High to Very High security to protect classified information, maintain sovereignty, and enable national security operations.", }, }; |