I don’t need an InfoSec Security Assessment, or do I?

Posted by Clyde Cooper on Feb 14, 2020 8:43:41 AM

Why invest a lot of time and money doing a cybersecurity risk assessment to receive a lengthy report to find out all the things you know you didn’t have, all the things you know are broken and all the things you know need to be fixed?

Yes, a top-notch Cybersecurity Analyst will report all of that, but it should only be a portion of the overall findings. An experienced Cybersecurity Analyst will find a lot of things your IT department didn’t know, because the department either lacks the expertise or simply lacks the bandwidth to get to these findings. Most IT departments are overextended and spend the majority (if not all) of their time just trying to keep the lights on.

A top-notch cybersecurity team looks at trends that shaped the information security landscape in 2019 and what is trending in 2020. They follow the data to highlight the most prominent trends that can help organizations better assess risk factors, understand relevant threats and bolster their security strategy in 2020 to build a more robust and mature InfoSec program moving forward.

The main emphasis of the report should be quantitative recommendations that rank vulnerabilities from highest to lowest, the likelihood of each vulnerability being exploited, and, if it is exploited, the impact on the organization.

Once you understand that, you can spend your money and valuable time actually fixing the right stuff and not just buying some shiny new box that the Next Gen sales guy said will take care of everything you need to be secure.

How to measure risk and the return on remediation costs is a conundrum very few Cyber Security experts have mastered. You need trusted advisors who understand risk and recommend appropriate solutions and remediation steps.

If your company is small in scope, a full information security assessment may very well be overkill. There are other methods of establishing a good baseline of your vulnerabilities and risks without spending a dime, so that you can use that money instead to fix some of the low-hanging fruit that hackers love to see and take advantage of.

JUST AS IMPORTANTLY, do you have a Trusted Advisor and Cyber Security Expert in your corner to help you navigate the myriad of confusing new, latest, greatest, and Next Gen solutions offered to you every day? SHOULD YOU SPEND GOOD MONEY and much of your valuable time ON AN INFOSEC ASSESSMENT? LET’S FIGURE THAT OUT TOGETHER.

 

 
