Security Risk Assessments
Performing an annual Security Risk Assessment is critical to identifying and managing risk within your organization. Whether you are performing an assessment for compliance with HIPAA, NIST, or GDPR, or you just want a clear picture of the state of information security within your organization, Applied Tech can help by performing an S2SCORE assessment.
We have partnered with an independent third party, SecurityStudio, to leverage their framework for delivering unbiased security risk assessments to our customers. The S2SCORE Assessment is based on established best practices such as the NIST Cybersecurity Framework, HIPAA, and PCI DSS. It also relies on internal and external scans, run with a highly regarded vulnerability scanner, to complete the reports.
There are four phases of an S2SCORE Security Risk Assessment:
- Administrative Controls: This is the “people part” of information security, which includes policies, procedures, and processes used to develop the objectives for the information security program. It also covers incident management, business continuity, and compliance.
- Physical Controls: This includes doors, access control systems, cameras, environmental protections, alarms, etc. It also covers crime risk and natural disaster risk, based on geographic location.
- Internal Technical Controls: This includes network connectivity, remote access, logging and alerting, vulnerability management, and backup & recovery.
- External Technical Controls: This includes identifying what is exposed to the outside world from your network, and what protections are in place to secure the network from unauthorized access.
Key benefits of a Security Risk Assessment include:
- Providing an objective, easy-to-understand score to track progress over time.
- Identifying risks that exist regarding information security and prioritizing them.
- Meeting compliance requirements of annual risk assessments and management.
- Leveraging the provided reports to assist in future IT planning and budgeting discussions.
Take the Test
Click on the green image below and you can access an abbreviated version of the assessment. It is approximately 60 questions in length covering the 4 major phases noted above. The assessment will require someone with the proper knowledge of your existing infrastructure, protocols and safeguards to answer the questions. When completed, you will receive a composite score, along with how it compares to the industry average and where you reside on the security spectrum.
The full assessment, with almost 700 questions, is much more robust. The free assessment has some significant limitations. Since it is self-administered, it is not a validated assessment. Nor does it perform any vulnerability scans which would indicate where you may have holes in your security layers. Yet, it provides you with an awareness of what a comprehensive security plan should encompass.
This is where Applied Tech can help out. As a CompTIA Security + Trustmark partner, we can bring our expertise, rigor and technical tools to perform the full assessment for you. So give this free version a try, check your score and then get in touch with us to discuss what it means and learn how a full assessment could put your company on a path to a more secure future.
Notice: Clicking the button above will take you to the SecurityStudio site to sign up for access to the security assessment tool. There is no charge, but it will ask you to create a sign-in to use the tool.