TreeMap and ISO 27001 (GoogleAPI)

This post is the continuity of Treemap : TreeMap and ISO 27001 (Treemap Software)

Here, I illustrate almost the same, but with the Google API solution. It is really less sexy, but doesn’t need software. Purely for fun.


For this, I used the Google API, section TreeMap.

1) Visual Output

It looks like this, and is ‘dynamic’ (you can zoom on content).
TreeMap ISO 2700x

2) Code

To reproduce this , just copy / paste this code into the Google API Right panel. And Run.

function drawVisualization() {
  // Create and populate the data table.
  var data = new google.visualization.DataTable();
  data.addColumn('string', 'Location');
  data.addColumn('string', 'Parent');
  data.addColumn('number', 'Impact (size)');
  data.addColumn('number', 'Risk (color)');
["Security Policy","Global",0,0],
["Organization of Information security","Global",0,0],
["Asset Management","Global",0,0],
["Human Resource Security","Global",0,0],
["Physical and Environmental Security","Global",0,0],
["Communications and Operations Management","Global",0,0],
["Access control","Global",0,0],
["Information Systems Acquisition Development and Maintenance","Global",0,0],
["Information Security Incident Management","Global",0,0],
["Business Continuity Management","Global",0,0],
["Information Security Policy ","Security Policy",5,2],
["Internal Organization","Organization of Information security",3,2],
["External Parties","Organization of Information security",2,2],
["Responsibility for Assets","Asset Management",1,4],
["Information classification","Asset Management",1,5],
["Prior to Employment","Human Resource Security",1,1],
["During Employment","Human Resource Security",3,3],
["Termination or change of employment","Human Resource Security",5,3],
["Secure Areas","Physical and Environmental Security",1,1],
["Equipment security","Physical and Environmental Security",1,1],
["Operational Procedures and responsibilities","Communications and Operations Management",4,5],
["Third Party Service Delivery Management","Communications and Operations Management",4,4],
["System Planning and Acceptance","Communications and Operations Management",3,5],
["Protection against Malicious and Mobile Code","Communications and Operations Management",4,3],
["Back-Up","Communications and Operations Management",5,5],
["Network Security Management","Communications and Operations Management",3,4],
["Media Handling","Communications and Operations Management",5,1],
["Exchange of Information","Communications and Operations Management",4,1],
["Electronic Commerce Services","Communications and Operations Management",2,3],
["Monitoring","Communications and Operations Management",2,1],
["Business Requirement for Access Control","Access control",2,3],
["User Access Management","Access control",4,2],
["User Responsibilities","Access control",4,2],
["Network Access control","Access control",4,3],
["Operating System Access Control","Access control",4,4],
["Application access control","Access control",2,3],
["Mobile Computing and Teleworking","Access control",4,5],
["Security Requirements of Information Systems","Information Systems Acquisition Development and Maintenance",3,4],
["Correct Processing in Applications ","Information Systems Acquisition Development and Maintenance",4,1],
["Cryptographic controls","Information Systems Acquisition Development and Maintenance",5,4],
["Security of System Files","Information Systems Acquisition Development and Maintenance",1,3],
["Security in Development & Support Processes","Information Systems Acquisition Development and Maintenance",3,2],
["Technical Vulnerability Management","Information Systems Acquisition Development and Maintenance",1,3],
["Reporting Information Security Events and Weaknesses","Information Security Incident Management",1,2],
["Management of Information Security Incidents and Improvements","Information Security Incident Management",4,3],
["Information Security Aspects of Business Continuity Management","Business Continuity Management",3,2],
["Compliance with Legal Requirements","Compliance",5,1],
["Compliance with Security Policies and Standards and Technical compliance","Compliance",2,4],
["Information System Audit Considerations","Compliance",3,5],

  // Create and draw the visualization.
  var treemap = new google.visualization.TreeMap(document.getElementById('visualization'));
  treemap.draw(data, {
    minColor: 'red',
    midColor: '#ddd',
    maxColor: '#0d0',
    headerHeight: 15,
    fontColor: 'black',
    showScale: true});

Be the first to comment

Leave a Reply

Your email address will not be published.