@threatcaptain/tc-reports 0.2.14 → 0.2.15
- package/dist/index.cjs +55 -64
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +55 -64
- package/dist/index.js.map +1 -1
- package/dist/styles.css +1 -1
- package/package.json +1 -1
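--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -51360,6 +51360,44 @@ const MitreAttack = ({ breachData, overallLikelihood }) => {
 ] })
 ] });
 };
+const groupTitles = {
+basic: "Basic Controls (Implementation Group 1)",
+foundational: "Foundational Controls (Implementation Group 2)",
+organizational: "Organizational Controls (Implementation Group 3)"
+};
+const groupDescriptions = {
+basic: "Must-have cybersecurity hygiene controls that should be implemented by all organizations (Controls 1-6).",
+foundational: "Deeper technical safeguards for organizations with moderate cybersecurity programs (Controls 7-16).",
+organizational: "Governance and process controls for mature organizations with dedicated security teams (Controls 17-18)."
+};
+const controlLevels = {
+basic: [1, 2, 3, 4, 5, 6],
+// IG1 - Basic hygiene controls
+foundational: [7, 8, 9, 10, 11, 12, 13, 14, 15, 16],
+// IG2 - Deeper technical safeguards
+organizational: [17, 18]
+// IG3 - Governance and process controls
+};
+const serviceDescriptions = {
+1: "Maintain an up-to-date, automated inventory of all hardware assets across the client environment, with real-time discovery and change tracking.",
+2: "Discover and track all installed software, enforce approved application lists, and remove or remediate unauthorized or outdated software.",
+3: "Implement and manage data encryption, DLP policies, and secure backup processes to safeguard sensitive information in transit and at rest.",
+4: "Deploy, enforce, and audit standardized hardening baselines for operating systems and applications to eliminate insecure default settings.",
+5: "Provision, modify, and decommission user and service accounts, enforce password policies, and regularly review privileges.",
+6: "Configure and maintain least-privilege access, multi-factor authentication, and role-based permissions across systems and applications.",
+7: "Perform scheduled vulnerability scans, prioritize detected issues, and coordinate patching or mitigation workflows.",
+8: "Collect, centralize, and analyze system and security logs from endpoints, servers, and network devices for threat detection and compliance.",
+9: "Deploy and manage email filtering, anti-phishing measures, and web-content filtering to block malicious messages and sites.",
+10: "Install, configure, and monitor endpoint anti-malware/EDR solutions to detect, quarantine, and remediate malicious code.",
+11: "Design, implement, and test backup and restore procedures to ensure rapid recovery from data loss or ransomware events.",
+12: "Monitor, configure, and maintain routers, switches, and firewalls for performance, availability, and secure configurations.",
+13: "Deploy IDS/IPS or NDR solutions, continuously monitor network traffic for anomalies, and respond to potential intrusions.",
+14: "Provide ongoing phishing simulations, interactive training modules, and compliance reporting to educate end users.",
+15: "Assess, onboard, and continuously monitor the security posture of third-party vendors and partners.",
+16: "Conduct automated and manual code scans, secure code reviews, and application hardening to identify and fix vulnerabilities.",
+17: "Develop, test, and execute incident response playbooks, coordinate investigations, and manage post-incident reporting.",
+18: "Perform periodic internal and external penetration tests, simulate real-world attacks, and deliver detailed remediation guidance."
+};
 const BreachLikelihood = ({ reportData }) => {
 var _a;
 const { clientData, securityAssessment, breachData } = reportData;
@@ -51451,70 +51489,23 @@ const BreachLikelihood = ({ reportData }) => {
 /* @__PURE__ */ jsxRuntime.jsx("h2", { className: "text-2xl font-bold text-slate-900 mb-2", children: "Understanding Your Numbers" }),
 /* @__PURE__ */ jsxRuntime.jsx("p", { className: "text-slate-600", children: "How We Calculate Your Risk" })
 ] }),
-/* @__PURE__ */ jsxRuntime.
-/* @__PURE__ */ jsxRuntime.
-
-
-/* @__PURE__ */ jsxRuntime.jsxs(
-
-
-"
-
-
-
-
-
-
-
-
-
-"% chance based on ",
-currentProtection,
-"% protection implementation"
-] })
-] })
-] }),
-/* @__PURE__ */ jsxRuntime.jsxs("div", { className: "border-2 border-slate-200 rounded-lg p-6", children: [
-/* @__PURE__ */ jsxRuntime.jsx(lucideReact.DollarSign, { className: "w-8 h-8 text-red-600 mb-4" }),
-/* @__PURE__ */ jsxRuntime.jsx("h3", { className: "text-lg font-bold mb-3", children: "Financial Impact" }),
-/* @__PURE__ */ jsxRuntime.jsxs("div", { className: "text-sm text-slate-600 space-y-2", children: [
-/* @__PURE__ */ jsxRuntime.jsxs("p", { children: [
-/* @__PURE__ */ jsxRuntime.jsx("strong", { children: "Based on:" }),
-" Average costs for businesses your size in your industry"
-] }),
-/* @__PURE__ */ jsxRuntime.jsxs("p", { children: [
-/* @__PURE__ */ jsxRuntime.jsx("strong", { children: "Source:" }),
-" IBM Cost of Data Breach Report 2024"
-] }),
-/* @__PURE__ */ jsxRuntime.jsxs("p", { children: [
-/* @__PURE__ */ jsxRuntime.jsx("strong", { children: "Your result:" }),
-" $",
-baseCost ? baseCost.toLocaleString() : "510,000",
-" potential cost for small ",
-clientData.industry,
-" business"
-] })
-] })
-] }),
-/* @__PURE__ */ jsxRuntime.jsxs("div", { className: "border-2 border-slate-200 rounded-lg p-6", children: [
-/* @__PURE__ */ jsxRuntime.jsx(lucideReact.Shield, { className: "w-8 h-8 text-blue-600 mb-4" }),
-/* @__PURE__ */ jsxRuntime.jsx("h3", { className: "text-lg font-bold mb-3", children: "Protection Value" }),
-/* @__PURE__ */ jsxRuntime.jsxs("div", { className: "text-sm text-slate-600 space-y-2", children: [
-/* @__PURE__ */ jsxRuntime.jsxs("p", { children: [
-/* @__PURE__ */ jsxRuntime.jsx("strong", { children: "Based on:" }),
-" How much each security control reduces attack success"
-] }),
-/* @__PURE__ */ jsxRuntime.jsxs("p", { children: [
-/* @__PURE__ */ jsxRuntime.jsx("strong", { children: "Source:" }),
-" NIST Cybersecurity Framework effectiveness data"
-] }),
-/* @__PURE__ */ jsxRuntime.jsxs("p", { children: [
-/* @__PURE__ */ jsxRuntime.jsx("strong", { children: "Your result:" }),
-" Each control's value calculated from proven risk reduction"
-] })
-] })
-] })
-] }),
+/* @__PURE__ */ jsxRuntime.jsx("div", { className: "space-y-6", children: Object.entries(groupTitles).map(([groupKey, title]) => /* @__PURE__ */ jsxRuntime.jsxs(React.Fragment, { children: [
+/* @__PURE__ */ jsxRuntime.jsx("h2", { className: "text-lg font-semibold mb-2", children: title }),
+/* @__PURE__ */ jsxRuntime.jsx("p", { className: "text-gray-600 mb-4", children: groupDescriptions[groupKey] }),
+/* @__PURE__ */ jsxRuntime.jsx("div", { className: "space-y-2", children: /* @__PURE__ */ jsxRuntime.jsx("ul", { className: "border border-slate-200 bg-slate-50 rounded-lg py-2 px-4 flex flex-col w-full", children: controlLevels[groupKey].map(
+(control) => /* @__PURE__ */ jsxRuntime.jsxs(
+"li",
+{
+className: "py-2 flex items-center w-full",
+children: [
+/* @__PURE__ */ jsxRuntime.jsx("span", { className: "max-h-6 max-w-6 w-full text-sm flex items-center justify-center rounded-full border bg-blue-100 border-blue-900 text-blue-900 font-bold mr-4", children: control }),
+/* @__PURE__ */ jsxRuntime.jsx("span", { className: "flex leading-tight", children: serviceDescriptions[control] })
+]
+},
+control
+)
+) }) })
+] }, groupKey)) }),
 /* @__PURE__ */ jsxRuntime.jsxs("div", { className: "bg-slate-50 rounded-lg p-6 mb-6", children: [
 /* @__PURE__ */ jsxRuntime.jsx("h3", { className: "text-xl font-bold mb-4", children: "Our Approach" }),
 /* @__PURE__ */ jsxRuntime.jsx("p", { className: "text-sm text-slate-700", children: "We use the same data sources that insurance companies and security professionals rely on. Our calculations are conservative - real attack costs are often higher than our estimates." })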
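Review bot: The `groupTitles`, `groupDescriptions` and `controlLevels` tables added before `BreachLikelihood` equate control-number ranges with Implementation Groups (1-6 as IG1, 7-16 as IG2, 17-18 as IG3), which is not how the CIS Controls define them, assuming that is the framework meant. In CIS Controls v8, whose 18 control topics the `serviceDescriptions` follow, an Implementation Group is a set of safeguards drawn from across the controls, and IG1 already includes safeguards from malware defenses (10), data recovery (11), awareness training (14) and incident response (17); the Basic/Foundational/Organizational split by number comes from v7. A client reading the rendered report could conclude that backups or incident handling sit outside baseline hygiene. I would either drop the IG labels, e.g. `basic: "Basic Controls (1-6)"`, or derive the grouping from a per-safeguard IG mapping, and make the change in the source module rather than in this built bundle. The second hunk also removes the "Source:" lines while the retained "Our Approach" paragraph still refers to data sources, so the "How We Calculate Your Risk" section no longer cites any.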