Security Testing for Health-Focused Social Network

Industry: Healthcare

Project Feedback

The internal team’s security posture increased by 75% using the risk assessment scoring methodology, from 483 to 702. FRSecure utilizes a comprehensive framework to successfully evaluate the security of their client’s systems. The team is thorough and hard-working.

Case Study

Mike Thyken
CTO, CaringBridge

The Client

Founded on June 7, 1997, CaringBridge was the first social network created for communicating during a health crisis, developed nearly a decade before most social networking sites, including Facebook (2004) and Twitter (2006). CaringBridge is the first and most widely used global social network dedicated to helping family and friends communicate with and support loved ones during a health journey through the use of free, ad-free personal websites. Our vision is a world where no one goes through a health journey alone. CaringBridge.org is used by over 30 million unique visitors every year, an average of almost 300,000 people visit CaringBridge per day, and those visitors come from over 235 countries and territories. CaringBridge is a non-profit with nearly 90% of funding coming from individuals who have used the site on a health journey. In 2019 we have more than 120,000 individual donors. More than a million donors have supported CaringBridge since 2002. My position is CTO, responsible for the product and technology which powers our mission.

The Challenge

CaringBridge is used by people going through very difficult times and often requiring that they communicate sensitive and personal information to their community. Part of our brand promise is that we will provide a secure and safe environment for them to work with their community of support. Our objective was to evaluate the security of our environment and site to ensure we can provide the level of protection that our users expect. In addition, we are a non-profit that has limited resources and requires a security program that fits our organization.

Describe the Project in Detail

We used FRSecure for our original assessment in early 2018. They provided both a risk assessment and an external Web Penetration Test. With their results they provided both a detailed assessment of our capabilities as well as templates and deliverables to jumpstart our remediation efforts. We just completed a second round of security assessments including a risk assessment and an external Web Penetration Test in December 2019. Based on the framework they had provided for our previous remediation, we significantly improved our security posture and capabilities since the original assessment in 2018.

What is the team composition?

The team included an executive sponsor and technical experts from CaringBridge. FRSecure supplied a project manager and technical security experts for the assessment.

How did you come to work with FRSecure?

FRSecure has a comprehensive yet lightweight framework for evaluating an organization’s security capabilities. Their cost was reasonable yet they provided excellent technical expertise.

The Outcome

Our security posture increased by 75% using a risk assessment scoring methodology from 483 to 702. The number of identified security issues dropped significantly. The framework that FRSecure provided to us significantly helped us to focus our remediation efforts and resolve individual security exposures.

How did FRSecure perform from a project management standpoint?

The coordination of the assessment was greatly helped by their Project Manager to ensure the whole effort stayed on track.

What did you find most impressive about them?

The quality of the security assessment was very good and comprehensive. Yet the cost and impact were relatively low. This was an effort that even small organizations can absorb to improve their security posture to help protect their organization from all the bad actors out there in the world.

Are there any areas they could improve?

None
