cqrenet/antifragile
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
486c092c32372f4e7242b9820a401a5e25796d1f
antifragile/antifragile-consulting/assessment-templates
T
History
Claude Sonnet 4.6 5c4e91179d feat: Add findings backlog as pragmatic alternative to risk register 
New: assessment-templates/findings-backlog.md
  Design principles: lives where client works, every finding has an owner,
  feeds the housekeeping stream, accumulates from all sources.
  Format: 6-field minimal entry (ID, finding, source, priority, owner,
  status) with optional target date/effort/notes/closed date.
  P0/P1/P2 priority using kill chain test.
  Flat file template for Git-based clients.
  Population guide: Day 30 (from Brownhat), subsequent modules, continuous
  tools (ASTRAL drift, PULSAR alerts, Elysium, BloodHound).
  Monthly housekeeping cycle structure.
  Relationship to formal risk register explained.
  Backlog health indicators (warning signs it is not functioning).

Wired into existing framework:
  move-fast-and-fix-things.md: Rule 4 now names the backlog as the queue
  rapid-modernisation-plan.md: Day 30 item 7 and Phase 1 action updated
  engagement-model.md: Section 4 deliverables table updated at all stages
  assessment-templates/README.md: Production-ready templates section added
  index.md: Findings Backlog added to Assessment and Tools table

Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>
2026-06-05 10:09:08 +00:00
..
antifragile-risk-register.md
chore: Full consistency scan — AOC->PULSAR, fix training-data claims, fix 90% claim
2026-06-05 07:05:13 +00:00
m365-project-risk-register.md
Initial commit: antifragile cybersecurity consulting blueprint
2026-05-09 16:53:22 +02:00
module-completion-report.md
feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization
2026-05-27 21:33:52 +02:00
nist-csf-baseline-cs.md
feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization
2026-05-27 21:33:52 +02:00
nist-csf-baseline.md
feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization
2026-05-27 21:33:52 +02:00
README.md
feat: Add findings backlog as pragmatic alternative to risk register
2026-06-05 10:09:08 +00:00
risk-register-example.md
chore: Full consistency scan — AOC->PULSAR, fix training-data claims, fix 90% claim
2026-06-05 07:05:13 +00:00

README.md

Assessment Templates

"What gets measured gets managed. What gets managed honestly becomes antifragile."

This directory contains diagnostic tools, maturity models, and assessment resources for evaluating organizational antifragility.

Production-Ready Templates

Template Purpose
Findings Backlog Single source of truth for all findings across every module and diagnostic. The input queue for the housekeeping stream. Pragmatic alternative to a formal risk register for organisations that do not have one.
NIST CSF 2.0 Baseline Assessment The Brownhat Diagnostic: structured 2-half-day workshop, gap analysis, kill chain identification
Module Completion Report Completion package template for every module; includes backlog update
Antifragile Risk Register Formal risk register template; the backlog feeds into this for organisations with mature risk management
Risk Register Example 8 fully populated entries from a realistic engagement — calibration reference
M365 Project Risk Register M365-specific risk register with phase gates

Planned Assessments

1. Antifragile Maturity Model (AF-MM)

A five-level maturity model covering:

  • Level 1: Fragile — Reactive, undocumented, dependent on single vendors
  • Level 2: Robust — Documented, monitored, but static
  • Level 3: Resilient — Automated recovery, tested backups, incident response operational
  • Level 4: Adaptive — Chaos engineering, continuous learning, structural improvement from failure
  • Level 5: Antifragile — Volatility is exploited for gain, optionality is strategic, intelligence is sovereign

2. AI Sovereignty Readiness Assessment

Evaluates:

  • Current AI usage inventory completeness
  • Data classification and leakage risk
  • Local infrastructure readiness
  • Vendor dependency and exit feasibility
  • Regulatory compliance posture

3. T0 Asset Discovery Scanner

Planned scripted assessment to:

  • Enumerate critical assets across on-premises and cloud environments
  • Classify assets by tier based on dependency mapping
  • Identify gaps in protection, monitoring, and recovery
  • Generate prioritized remediation roadmap

4. Dependency Risk Mapper

Planned tool to:

  • Map vendor and technology dependencies
  • Calculate coupling depth and exit difficulty
  • Identify hidden single points of failure
  • Simulate failure cascades

5. Incident Learning Index

Measures the organization's ability to convert incidents into structural improvements:

  • Mean time to structural fix
  • Post-mortem completion rate
  • Structural changes implemented per incident
  • Repeat incident rate

Development Roadmap

Phases are sequenced by client impact, not calendar quarter. Dates are assigned at the start of each development cycle.

Phase Deliverable Format Status
1 AF-MM v1.0 — Antifragile Maturity Model questionnaire and scoring guide Markdown + spreadsheet Planned
2 AI Sovereignty Readiness Assessment v1.0 Interactive web form or CLI tool Planned
3 T0 Asset Discovery Scanner v0.1 — cloud APIs + on-premises enumeration Python script Planned
4 Dependency Risk Mapper v0.1 — vendor coupling depth and failure cascade simulation Python + network analysis Planned

Contributing

When adding new assessments:

  1. Document the purpose, methodology, and limitations
  2. Include scoring rubrics with clear criteria
  3. Provide sample outputs and interpretation guidance
  4. Version assessments and maintain changelogs
  5. Test on at least two different organizational profiles before release

Return to Repository Index

Reference in New Issue View Git Blame Copy Permalink