You can now take advantage of a simple and free tool that will help you determine how mature your company's cybersecurity operations are.
The Information Systems Security Association (ISSA) and the Alliance for Performance Excellence , the public-private state and local outreach arm of the Baldrige Performance Excellence Program based managed by the National Institute of Standards and Technology , created the self-assessment tool and have released it free to the public.
Why is such a tool needed?
Cybersecurity is one of the areas within businesses that needs formal protocols and analysis, but often does not follow such practices. Information-security analyst, Steve Hunt , whom I used to work with in the late 1990s, and who is now a member of ISSA's Information Security Hall of Fame, told me that after polling 450 CIOs and business leaders it became obvious to him that despite all of the preaching done in the industry about formalized processes, "fragmented, improvisational, shoot-from-the-hip security management is still the norm in most organizations, especially those on the smaller end of the spectrum."
This is not surprising. Over the years I have seen many companies implement various technologies as part of efforts to "improve security," only to discover later that they are still not compliant with what their customers and partners expect - or, worse yet, they install the wrong security countermeasures and then suffer a breach. I have witnessed many firms "buy brand" - that is, buy products from well-known larger vendors even when those products did not adequately address the relevant security concerns as well as offerings from smaller firms - and then suffer security problems as a result. Hackers do not care what brand you buy; if you are vulnerable they will hack you.
A similar sentiment was echoed by Andrea Hoy , President of ISSA, "In the past two years, the amount of attention data breach and malware has received has made cybersecurity and the existence of technology that can be used to control it more common than ever before. Yet critical data loss still occurs, because despite the technology implemented, there is still the inherent risk that comes from weak or non-existent security processes."
The goal behind the new, free tool - dubbed the Security Success Score - is to formalize the process, and allow business leaders to assess the performance and maturity of their respective organizations' security operations in light of popular NIST-based and Baldrige-based frameworks. While the Security Success Score is, theoretically, suitable for organizations of all sizes, it is optimized for smaller and mid-sized businesses.
You can access the Security Success Score tool for free via Managehub, the firm that developed the tool for the aforementioned organizations.