Security posture

One page for leadership: where the program stands today.

Risk heatmap — likelihood × impact

Impact →
Likelihood →

Maturity by CSF 2.0 function

Top open risks

Due & overdue actions

Risk register

Inherent scoring on a 5×5 matrix. Click a heatmap cell to filter.

Heatmap

Impact →
Likelihood →

By treatment

Asset inventory

You can't protect what you haven't written down. Criticality drives risk context.

Controls assessment — NIST CSF 2.0

Score each of the 22 categories 0–5. The overall posture score on the dashboard is derived live from this assessment.

Scale — 0 Not performed · 1 Ad-hoc · 2 Repeatable · 3 Defined · 4 Managed & measured · 5 Optimized.

Incident log

A lightweight register for tracking security incidents through containment to lessons learned.

Vendor register

Third parties with access to your systems or data, tiered by risk, with review dates.

Action plan

The living POA&M: remediation actions from risks, audits and incidents, with owners and due dates.

Policy generator

Eight starter policies, auto-filled with your organization details from Data & settings. Download as Markdown or print to PDF, then adapt to your context.

Executive report

Board-ready summary generated from live data. Print to PDF and circulate.

Data & settings

Diwan stores everything in this browser only (localStorage). Export a JSON backup regularly — it's also how you move between machines or share with a colleague.

Organization

Backup & restore

Everything — risks, assets, controls, incidents, vendors, actions, settings — in one portable file.

Edit

Saved