Security Risk Assessment
Performing an annual Security Risk Assessment is critical to identifying and managing risk within your organization! Whether you are performing an assessment for compliance with HIPAA, NIST, or GDPR, or you just want a clear picture of the state of information security within your organization, Applied Tech can help by delivering a FISASCORE assessment.
Key benefits of a FISACORE assessment provided by Applied Tech are:
- Providing an objective, easy-to-understand score to track progress over time.
- Identifying risk that exist regarding information security and prioritizing them.
- Meeting compliance requirements of annual risk assessments and management.
- Leveraging the provided reports to assist in future IT planning and budgeting discussions.
The four phases of a FISASCORE Security Risk Assessment are:
- Administrative Controls: This is the “people part” of information It includes policies, procedures, and processes used to develop the objectives for the information security program. It also covers incident management, business continuity, and compliance.
- Physical Controls: This includes doors, access control systems, cameras, environmental protections, alarms, etc. It also covers risk crime and natural disaster risk based on geographic location.
- Internal Technical Controls: This includes things like network connectivity, remote access, logging and alerting, vulnerability management, and backup & recovery.
- External Technical Controls: This includes identifying what is exposed to the outside world from your network, and what protections are in place to secure the network from unauthorized.
Click the button below to get your free FISASCORE estimation score!
We have partnered with an independent third-party, SecurityStudio, to leverage their framework for delivering un-biased security risk assessments to our customers. The FISASCORE Assessment is based on established best-practices such as the NIST Cyber Security Framework, HIPAA, and PCI DSS. It also relies on internal and external scans utilizing a highly-regarded vulnerability scanner to complete the reports.