ITeasyAG — Simplified IT Security Assessment Tool
From “cybersecurity complexity” → a structured, SME-friendly assessment with clear priorities and report-ready outputs.
Agile Business Analysis • SME Cybersecurity • Assessment + Reporting
Project type
Agile BA (FHNW) — Group project
Domain
Cybersecurity assessment for SMEs
Deliverables
Excel tool + client-style report mockups
Framework
People / Process / Technology maturity view
Overview
This project focused on designing a practical cybersecurity assessment that SMEs can actually complete and act on. We structured the assessment around three pillars — People, Process, and Technology — and delivered both the assessment tool and a report format that communicates results clearly to non-technical decision-makers.
The problem
Cybersecurity feels overwhelming for SMEs
Small and mid-sized businesses often lack time, budget, and specialist knowledge—so security stays reactive rather than structured.
Too much jargon, not enough decisions
Many assessments produce technical outputs that don’t translate into clear priorities, ownership, and next steps for leadership.
No consistent way to measure progress
Without a simple scoring approach, it’s hard to benchmark “where we stand” or track improvements over time.
My contribution
My focus was on ensuring the solution stayed SME-realistic: clear structure, minimal jargon, and outputs that support decisions. I contributed to shaping how the framework translates into measurable readiness, helped evaluate prototyping options for the report experience, and supported the final project narrative so the solution communicates value quickly.
What I worked on
SME readiness thinking • framework translation • report experience • delivery narrative
How I approached it
simplify → validate → structure → communicate
Why it mattered
assessment that drives action, not confusion
The solution
Pillar 1 — Assessment Tool (Excel)
A structured questionnaire grouped into People, Process, and Technology. The tool captures responses, converts them into a scoring view, and highlights gaps that require attention.
- Easy-to-follow sections (SME friendly)
- Clear scoring logic (action-oriented)
- Identifies gaps & priority areas
- Designed to be repeatable over time
Pillar 2 — Client Report Output (Mockups)
A report layout that turns assessment results into a client-friendly story: summary → visual scores → practical recommendations. Designed so non-technical stakeholders understand the ‘so what’ quickly.
- At-a-glance summary + visuals
- Plain language explanations
- Priority guidance (what to fix first)
- Option for deep-dive details (expandable)
Excel assessment tool (full view)
The assessment workbook is embedded below so it can be viewed end-to-end in one place. You can also open a visual preview first.
How it works
- 1Kick-off: clarify scope, stakeholders, and what ‘good security’ means for an SME context.
- 2Assessment: guide the client through People / Process / Technology questions in the tool.
- 3Scoring: convert answers into a structured view of maturity and risk areas.
- 4Interpretation: translate technical topics into business-relevant implications (impact & urgency).
- 5Recommendations: propose realistic improvements with ownership and priority order.
- 6Reporting: produce a client-facing report (summary + visuals + next steps).
- 7Follow-up: repeat the assessment later to track progress and measure improvements over time.
What I learned
Clarity is a product feature
The hard part wasn’t listing security topics — it was translating them into language and structure decision-makers can use.
Framework-first beats tool-first
People / Process / Technology helped us keep coverage broad while staying understandable and consistent.
Agile BA is mostly coordination
Alignment, shared definitions, and iterative feedback mattered as much as the deliverable itself.
Deliverables must survive the real world
A good assessment is repeatable, explainable, and actionable — not just comprehensive.
Biggest takeaway: the “best” cybersecurity solution isn’t the most complex — it’s the one that an SME can understand, adopt, and repeat.
Want to see the deliverables?
Open the report preview image and the full Excel workbook directly.