FRSecure has partnered with SecurityStudio to further our mission of fixing a broken industry. We know we can’t do it alone so we’re joining SecurityStudio’s partners in the security community with plans to rally with them and collaborate in our cause.FRSecure President John Harmon
Every single company has sensitive data to protect, and every company is susceptible to compromise. So, every company also needs ongoing risk assessments.
Risk assessments are the backbone of a good information security practice. It’s important to get a baseline understanding of where our security practices are, where our biggest security gaps are, which assets carry the biggest impact to our businesses, and what the risk of those assets being compromised is. These are all things risk assessments help do.
A risk assessment is also the easiest way to track improvements, justify security investment, and communicate both to executive leadership and board members.
For these reasons (and more), every organization should conduct risk assessments on a rolling basis.
But there are barriers to conducting risk assessments—and they point to foundational problems we see in the information security industry daily.
Not surprisingly, the biggest barrier (especially for small- and medium-sized businesses) is cost.
FRSecure and SecurityStudio both recognize this barrier and have committing to eliminating it together. As part of that commitment, S2ORG, created by SecurityStudio and used by FRSecure to conduct risk assessments, is now available for public use at no cost.
While organizations who need a validated assessment annually because of industry regulations will still need a third-party information security service provider to vet the results, the free version will allow companies to get a baseline score, remediation recommendations, and the ability to track their improvements and efforts over time through self-assessment.