A professional, globally-applicable cybersecurity governance dashboard for CISOs, security leaders, and governance teams. Built with NIST CSF 2.0 as the primary framework and aligned with CIS Controls v8.
Live Demo: https://SiteQ8.github.io/security-leadership-panel
- 📊 Dashboard - Executive risk summary, KPIs, board-ready metrics
- 📋 Frameworks - NIST CSF (5 Functions) + CIS Controls mapping
- 📈 Metrics & KPIs - Board-level and operational metrics
- 🚨 Incidents - Active incident tracking and logging
- 🤝 Vendor Risk - Third-party risk management and assessments
- 📅 Planning - Strategic roadmap and maturity tracking
- ✅ NIST CSF 2.0 Compliance - Track Govern, Protect, Detect, Respond, Recover
- ✅ CIS Controls v8 Alignment - Map critical controls to NIST functions
- ✅ Risk Quantification - Financial impact estimation ($4.2M exposure example)
- ✅ Board-Ready Metrics - MTTD, MTTR, compliance %, remediation velocity
- ✅ Global Scope - No region-specific constraints (works worldwide)
- ✅ Vendor Assessment - Risk scoring, compliance tracking
- ✅ Incident Management - Log, track, and manage security incidents
- ✅ Strategic Planning - Roadmap with NIST CSF maturity levels
- ✅ Responsive Design - Works on desktop, tablet, mobile
- ✅ Professional UI - Clean, modern interface with color-coded alerts
- Clone this repository: `git clone https://github.com/SiteQ8/security-leadership-panel.git`
- Navigate to repository settings
- Enable GitHub Pages from the `docs` folder
- Access at: https://SiteQ8.github.io/security-leadership-panel
- Download the `docs/index.html` file
- Open directly in any modern web browser
- No server or installation required
- Copy `docs/index.html` to your web server
- Serve from any HTTP/HTTPS endpoint
- Works with any CDN or static hosting
| Function | Coverage | CIS Controls Mapped |
|---|---|---|
| Govern (GV) | 84% | CIS 1-2 (Asset & Access Management) |
| Protect (PR) | 72% | CIS 2-4 (Access, Data, Defense) |
| Detect (DE) | 69% | CIS 4-5 (Defense & Detection) |
| Respond (RS) | 78% | CIS 5 (Detection & Response) |
| Recover (RC) | 75% | Custom (Recovery & Resilience) |
- ✅ NIST Cybersecurity Framework (CSF 2.0)
- ✅ CIS Controls v8
- ✅ ISO 27001 (compatible)
- ✅ NIST SP 800-53 (mappable)
- ✅ COBIT 2019 (reference)
- Track compliance against global frameworks
- Monitor board-level risk metrics
- Plan strategic initiatives aligned to NIST CSF
- Communicate risk in financial terms
- Executive dashboards with actionable intelligence
- Incident tracking and response metrics
- Vendor risk management
- Maturity assessment and roadmap planning
- Framework compliance visibility
- Control implementation tracking
- Third-party risk oversight
- Audit-ready reports
- Global security governance
- Multi-framework compliance (NIST + CIS)
- Risk quantification and financial modeling
- Strategic security planning
- Frontend: HTML5, CSS3, Vanilla JavaScript (ES6+)
- No Dependencies: Zero external libraries or frameworks
- Storage: Client-side (LocalStorage compatible)
- Browser Support: Chrome, Firefox, Safari, Edge (latest 2 versions)
```
security-leadership-panel/
├── docs/
│   └── index.html              # Main application (GitHub Pages)
├── .github/
│   ├── ISSUE_TEMPLATE/         # Bug report + feature request
│   ├── PULL_REQUEST_TEMPLATE.md
│   ├── workflows/ci.yml        # GitHub Actions CI
│   └── FUNDING.yml
├── README.md                   # This file
├── LICENSE                     # MIT License
├── SECURITY.md                 # Security policy
├── CONTRIBUTING.md             # Contribution guidelines
├── CHANGELOG.md                # Version history
└── .gitignore
```
- Responsive Grid Layout - Adapts to desktop, tablet, mobile
- Color-Coded Alerts - Success (green), Warning (orange), Critical (red)
- Interactive Tabs - Easy navigation between modules
- Professional Typography - System fonts for fast loading
- Accessible Forms - Proper labels, focus states, keyboard support
- Overall Risk Score: 0-10 scale (10 = critical)
- NIST CSF Compliance: % of controls implemented
- MTTD: Mean Time to Detect (hours)
- MTTR: Mean Time to Respond (hours)
- Critical Vulnerabilities: High-risk unpatched assets
- Phishing Click Rate: % of users clicking phishing links
- Active Incidents: Currently under investigation
- Risk Quantification: Estimated financial exposure
- Remediation Velocity: % of critical issues closed within SLA
- Security Budget ROI: Risk reduction per dollar invested
- Data Breach Risk: Probability of data exfiltration
- Regulatory Readiness: Compliance alignment score
- Alert Tuning Accuracy: % of accurate alerts
- Patching Compliance: % of devices with current patches
- False Positive Rate: % of non-threatening alerts
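
The time-based metrics above can be derived from incident records rather than typed in by hand. The following is an added example, not code from this repository: the record fields (`occurredAt`, `detectedAt`, `respondedAt`, `closedAt`), the function names and the 24-hour SLA are assumptions, and the sample incidents are constructed.

```javascript
// Added example: field names and the 24-hour SLA are assumptions, not the dashboard's schema.
const HOUR_MS = 60 * 60 * 1000;

// Constructed sample incidents (ISO 8601 UTC timestamps; null = not yet reached).
const sampleIncidents = [
  { id: "INC-1", severity: "critical", occurredAt: "2026-03-01T00:00:00Z",
    detectedAt: "2026-03-01T06:00:00Z", respondedAt: "2026-03-01T08:00:00Z",
    closedAt: "2026-03-02T00:00:00Z" },
  { id: "INC-2", severity: "critical", occurredAt: "2026-03-03T00:00:00Z",
    detectedAt: "2026-03-03T10:00:00Z", respondedAt: "2026-03-03T14:00:00Z",
    closedAt: "2026-03-05T10:00:00Z" },
  { id: "INC-3", severity: "high", occurredAt: "2026-03-05T00:00:00Z",
    detectedAt: "2026-03-05T02:00:00Z", respondedAt: "2026-03-05T05:00:00Z",
    closedAt: null },
  { id: "INC-4", severity: "high", occurredAt: "2026-03-06T00:00:00Z",
    detectedAt: "2026-03-06T06:00:00Z", respondedAt: null, closedAt: null },
];

// Hours between two timestamps, or null when either is missing or out of order.
function hoursBetween(startIso, endIso) {
  const start = Date.parse(startIso);
  const end = Date.parse(endIso);
  if (Number.isNaN(start) || Number.isNaN(end) || end < start) return null;
  return (end - start) / HOUR_MS;
}

// Mean over the usable values only, so open incidents do not skew the average.
function mean(values) {
  const usable = values.filter((v) => v !== null);
  return usable.length ? usable.reduce((a, b) => a + b, 0) / usable.length : null;
}

function computeKpis(incidents, criticalSlaHours) {
  const critical = incidents.filter((i) => i.severity === "critical");
  // A critical issue counts only if it was closed within the SLA, measured from detection.
  const closedInSla = critical.filter((i) => {
    const hours = hoursBetween(i.detectedAt, i.closedAt);
    return hours !== null && hours <= criticalSlaHours;
  });
  return {
    mttdHours: mean(incidents.map((i) => hoursBetween(i.occurredAt, i.detectedAt))),
    mttrHours: mean(incidents.map((i) => hoursBetween(i.detectedAt, i.respondedAt))),
    remediationVelocityPct: critical.length ? (closedInSla.length / critical.length) * 100 : null,
    activeIncidents: incidents.filter((i) => !i.closedAt).length,
  };
}

console.log(computeKpis(sampleIncidents, 24));
```

Incidents with a missing or inconsistent timestamp are excluded from the affected average instead of being counted as zero hours, which would otherwise make MTTD and MTTR look better than they are.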
- Open `docs/index.html` in any text editor
- Modify the metric values in the HTML cards
- Update colors in the `:root` CSS variables
- Save and refresh in browser
- Update metric values to reflect your environment
- Modify compliance percentages
- Add your risk assessments
- Customize incident data
The code is well-commented and modular. You can:
- Add new tabs for additional frameworks
- Integrate with external APIs
- Add data persistence (backend)
- Create automated reports
The dashboard is fully responsive:
- Desktop: Full 1400px width with 3-column grids
- Tablet: 2-column layout, optimized for 768px+
- Mobile: Single-column, touch-friendly interface
- All screen sizes: Readable text, accessible controls
- ✅ No External Dependencies: Reduces attack surface
- ✅ Client-Side Only: Data stays on your device
- ✅ No Tracking: Zero analytics or telemetry
- ✅ No Data Transmission: Completely offline-capable
- ✅ HTTPS Ready: Can be served over secure connections
This project is licensed under the MIT License - see LICENSE file for details.
You are free to:
- ✅ Use commercially
- ✅ Modify and distribute
- ✅ Include in proprietary projects
- ✅ Use without attribution (optional)
Contributions are welcome! Please see CONTRIBUTING.md for guidelines on:
- Reporting issues
- Submitting pull requests
- Code standards
- Framework additions
- GitHub Issues: Report bugs or request features
- Discussions: Join community discussions
- LinkedIn: Connect for professional updates
- Dark mode theme toggle with persistence
- Chart.js: NIST CSF compliance radar chart
- Chart.js: Risk distribution doughnut chart
- Data export to CSV (metrics)
- Search/filter on incidents and vendor tables
- Toast notification system
- Live clock + v2.0 badge in header
- GitHub link in header
- Community files (LICENSE, SECURITY, CONTRIBUTING, CHANGELOG)
- GitHub Actions CI + issue/PR templates
- API integration templates (M365 Defender, Splunk)
- Prometheus/Grafana dashboard export
- Multi-language support (Arabic RTL)
- Custom dashboard builder (drag & drop)
- PDF report generation
- Trend line charts (month-over-month)
- Role-based views (CISO vs analyst)
Ali AlEnezi
GitHub: @SiteQ8
Email: [email protected]
If you find this tool useful, please consider:
- ⭐ Starring this repository
- 📢 Sharing with your security team
- 💬 Providing feedback and suggestions
- 🔄 Contributing improvements
Last Updated: March 2026
Version: 2.0.0
Status: Production Ready ✅