I decided to explore the power of TreeMap and build a sample ISO 27001 Map with some (random) Risks and Priorities.
Here I played with Risk and Priority (random values), but you can choose whichever metrics you want.
Metrics I like to play with:
- Risk – What is the risk degree
- Priority – What are the top priorities
- Compliance – alignment with policies or the regulation
- Cost to comply
- Maturity of the organization
What to do with all of that?
- The categories and subcategories are the names.
- Metrics can drive the size and the color of your boxes (you have to select which metric drives which).
“Choosing the best display settings will improve your communication; the wrong ones can confuse the audience.”
2. Treemap Software
I used the Treemap 4.1 software from http://www.cs.umd.edu/hcil/treemap/
1) Empty Map
Only the text and the related areas.
The bigger the “Priority”, the bigger the area.
Low risk is green, high is red.
4) Detail level
You can display the general layout and choose the depth of detail (major sections, sub-sections).
All the details (Sections and Sub-Sections) like in the previous screen, or only Sections.
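The size and color mapping described above (area follows Priority, color runs from green for low Risk to red for high Risk), at both detail levels, as an added example that is not part of the original post or of the Treemap software. The column names `Section`, `SubSection`, `Risk` and `Priority`, the sample rows, and the priority-weighted Risk average used when rolling sub-sections up are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (tab-separated). Section names and values are
# illustrative only; this is not the post's TESTISO27001 file.
SAMPLE = (
    "Section\tSubSection\tRisk\tPriority\n"
    "Access Control\tUser Access Management\t8\t5\n"
    "Access Control\tNetwork Access Control\t4\t3\n"
    "Asset Management\tInventory of Assets\t2\t2\n"
    "Compliance\tLegal Requirements\t10\t10\n"
)

def risk_color(risk, lo, hi):
    """Map risk linearly onto green (lowest) to red (highest) as #rrggbb."""
    t = 0.0 if hi == lo else (risk - lo) / (hi - lo)
    return "#{:02x}{:02x}00".format(round(255 * t), round(255 * (1 - t)))

def treemap_cells(text, detail="subsection"):
    """Return [(label, area_share, color)], largest area first.

    Size follows Priority, color follows Risk. With detail="section" the
    sub-sections are rolled up: Priority is summed and Risk is averaged
    weighted by Priority (an assumption made for this example).
    """
    prio, weighted_risk = defaultdict(float), defaultdict(float)
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        label = row["Section"]
        if detail == "subsection":
            label += " / " + row["SubSection"]
        p, r = float(row["Priority"]), float(row["Risk"])
        if p < 0:
            raise ValueError("Priority must not be negative: " + label)
        prio[label] += p
        weighted_risk[label] += r * p
    total = sum(prio.values())
    if total == 0:
        raise ValueError("no area to draw: all priorities are zero")
    # Zero-priority items have no area, so they are left out of the map.
    risk = {k: weighted_risk[k] / prio[k] for k in prio if prio[k] > 0}
    lo, hi = min(risk.values()), max(risk.values())
    cells = [(k, prio[k] / total, risk_color(risk[k], lo, hi)) for k in risk]
    return sorted(cells, key=lambda c: c[1], reverse=True)

if __name__ == "__main__":
    for level in ("section", "subsection"):
        for label, share, color in treemap_cells(SAMPLE, level):
            print(f"{level:10s} {label:42s} {share:6.1%} {color}")
```

The color scale is stretched over the cells actually displayed, so the same section can change shade when you switch detail level.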
6) Filters
7) Colors are not always green and red.
Areas of compliance. Blue is better.
Source file used to generate the output:
- TESTISO27001 (tab separator)
Note: This example is for information only. You are not limited to ISO. I personally use this technique to show management how our Security Policy is under control and which domains are at risk.