January 30, 2017
Buying a Cybersecurity Risk Assessment
Cybersecurity Risk assessments are essential activities performed on your company’s security infrastructure that reveal threats to key corporate assets and vulnerabilities in your current security controls. The ultimate goal of a risk assessment is to define appropriate safeguards tailored to your company’s risk profile and priorities. Many companies also conduct risk assessments as a key part of security regulation compliance.
How Do I Buy a Cybersecurity Risk Assessment?
Most people when charged with the task of acquiring a security risk assessment don’t know how to acquire the necessary solutions to meet their needs. Why, because 1) risk assessments mean different things to everyone and 2) because assessments can contain a variety of solutions that address the problem of assessing risk, but companies don’t generally need or want every solution that is available. For instance, a Security Review is probably the most valuable assessment solution in that it completely reviews your entire security posture. Yet many companies offer only individual security tests like penetration tests or vulnerability scans.
What If I Buy the Wrong Risk Assessment?
If you ask 10 security companies for a “risk assessment” and never have a thorough dialog with them about what you really need, then you will get at least 8 or 10 different recommendations. So, that means you will likely NOT get what you expect in a cybersecurity risk assessment. Furthermore, you will be comparing apples and oranges. No two vendor quotes will be for the same solution. Beware of any company that provides a quote for a risk assessment without having a thorough discussion about your situation.
Objectives in Defining the Correct Risk assessment
Defining the right risk assessment requires two things.
- Defining what the true assessment objective(s) are for your business
- Defining which components of a cybersecurity risk assessment are needed, wanted and can be afforded
Buying a risk assessment is like buying ice cream. Everyone has a different flavor, but they don’t all meet your Needs.
The Cybersecurity Risk Assessment Survey
eSecurity Solutions uses a risk assessment survey to begin the engagement process. The assessment survey helps customers peel back the onion to define:
- Your key data that you are trying to protect
- Who touches your data
- What is motivating your need for an assessment
- What concerns you have about your business
- What security controls do you have in place
- Overview of your business (locations, people, datacenters, etc)
- What risk assessment tests do you think you need before we talk
Defining a Custom Solution Just for You
Once we have the risk assessment survey, we schedule a detailed conversation to discuss:
- What you have submitted in the survey
- What services we can provide
- What we would recommend given your situation
- How the recommended services are conducted
- What reports and results we will deliver
- How what we deliver will meet your stated end goal
- Budgets and options
Once we have defined the right solution that fits you budget, then we can begin the work of delivering the results for which you are looking.
We are in the business of helping customers get what they want and need, so contact us to discuss your needs and any questions you might have.