Blue Lava

Blue Lava is a SaaS platform, designed with, by, and for CISOs, that offers a holistic solution for security professionals to manage security programs. CISOs can take a control framework-focused approach or a risk-focused approach to assessing the current state and maturity of the organization or individual areas of the organization. With copy and clone features, Blue Lava provides a consistent method for repeating assessments year over year, quarter over quarter, or at any cadence. Likewise, as subject matter experts update responses, they can also provide links to updated evidence as verification. Blue Lava does not directly capture evidential artifacts but rather captures only contextual attributes such as the name, owner, link and expiration dates for the evidence. This gives CISOs full security and access control permissions over the original content and allows the subject matter experts the ability to quickly and easily provide proof of their responses for each assessment. Once the security team has baselined the program with requirements and risk information, Blue Lava supports the triage and management of gaps and deficiencies identified from the baseline assessment. Blue Lava automatically creates findings from any unmet requirement, populates recommendations for closure, and provides pre-templated views to review and assign findings for remediation or risk acceptance. This includes out-of-the-box themed views to rank and order the resulting findings by maturity, by common themes, or prioritized by risk. During this triage process, Blue Lava natively supports simulation functionality to group findings into different scenarios for remediation or risk acceptance. Using this functionality CISOs can prioritize individuals or groups of findings to be placed into projects for management and remediation. The simulations functionality reviews priority and any provided resource needs for people, technology, and time to remediate the associated findings. The simulations engine then calculates the potential NIST coverage scores and BL CMM maturity levels that would be achieved if all findings were remediated. This allows CISOs to predict which projects would be best to fund to achieve an increase in NIST score, and maturity or to optimize limited resources across different potential projects. As Findings are prioritized and marked for remediation, CISOs can leverage integrations to existing ticketing tools, such as Jira Cloud, to bidirectionally manage the workflow of the finding through closure and remediation. This allows organizations to maintain the existing process and communication channels for managing gaps and issues without having to log into separate tools or manage multiple workflow processes. Once findings are aggregated into projects, using the simulations algorithm to create different project scenarios or using the different pre-populated themed views, security program owners can assign ownership and add resourcing and staffing information to projects for remediation. These tactical projects natively can roll into higher-level strategic action plans that make up the goals and Initiatives for the security program. CISOs can, therefore, directly identify, document, track, manage, and report on their objectives and key results (OKRs) and strategic goals and initiatives for the program using the Blue Lava platform. Natively the progress, status, and percent complete for each of these initiatives can be dynamically viewed, managed, and presented using the Blue Lava roadmaps functionality. This presentation-ready visualization allows CISOs to dynamically select different areas of the business, key initiatives, and attributes of that initiative to share with various stakeholders.