The Comprehensive Information Security Assessment Score
At SecurityStudio®, we believe that every organization is faced with three major challenges when developing and executing a successful information security program: seeing information security differently, prioritizing risks, and agreeing on methods to address those risks.
Our goal is to help all organizations to build and maintain a strong information security program. We developed FISASCORE to assist organizations with these challenges and to provide a common vision of information security risk and maturity.
COMPREHENSIVE, AUTHORITATIVE, AND OBJECTIVE SCORE
FISASCORE is a comprehensive, risk-based measurement of information security assigned to your company. A FISASCORE identifies critical vulnerabilities, control gaps/deficiencies, and applicable threats to administrative, physical and technical controls used to protect the confidentiality, integrity and availability of information in your organization.
EVALUATION CRITERIA ARE FOCUSED ON REGULATORY AND INDUSTRY STANDARDS
Drawing from standards such as NIST 800-53 and ISO 27000 together with regulatory requirements from HIPAA (healthcare), GLBA (financial services) and PCI (retail credit card sales), our evaluation criteria are chosen to identify risk to information security. Using a common language and a standard set of objectives for a comprehensive risk-based security program, we can communicate information risk and protection between organizations of varying size, business purpose and internal culture.
FISASCORE ENSURES A WELL-ROUNDED ASSESSMENT
A successful information security program is more than just software and hardware. A FISASCORE evaluates information security risks across all facets of information security: administrative, physical and technical controls. Covering all facets allows FISASCORE to represent the most comprehensive evaluation of information security risks that all people can easily relate to, regardless of their experience level.
REPORTING FOR EXECUTIVES, MANAGERS AND TECHNICAL TEAMS
FISASCORE allows all members of the organization to quickly and confidently understand and quantify information security risks. Each FISASCORE includes a measured scorecard, clear recommendations for senior leaders, and an Action Plan. The Action Plan guides decision-making after the assessment and the creation of work plans for ongoing improvement. Technical teams are provided with detailed reporting related to specific security controls, evaluation methods, tangible recommendations, and all the supporting information to enable significant risk reduction. Every FISASCORE includes comparisons to industry averages and recommendations to achieve a “best practice” or “acceptable” level of risk.