At 20/20 Secure, we believe that every organization is faced with two major challenges when developing and executing a successful information security program. The first challenge is that we all see information security in a different way. The second is to prioritize the greatest risks to organizations and agree on the most efficient and impactful methods to address these risks. Our goal is to help all organizations to meet these challenges and leverage their capital, both human and financial, to build and maintain a strong information security program. We developed the FISASCORE to assist organizations with these challenges and provide a common vision of information security risk and maturity. Through the FISA Assessment process, an organization can determine the level of maturity across administrative, physical and technical controls used to protect the confidentiality, integrity and availability of information.
Bryan McGowan, 20/20 Secure VP of Operations
FISASCORE is a comprehensive, risk-based measurement of Information Security assigned to your company based on the FISA™ assessment process. A FISASCORE identifies critical vulnerabilities, control gaps/deficiencies, and applicable threats to the security of your organization.
Drawing from standards such as NIST 800-53 and ISO 27000 together with regulatory requirements from HIPAA (Healthcare), GLBA (financial services) and PCI (retail credit card sales), our evaluation criteria are chosen to identify risk to information security. Using a common language and a standard set of objectives for a comprehensive risk-based security program, we can communicate information risk and protection between organizations of varying size, business purpose and internal culture.
A successful Information Security program is more than just software and hardware. A FISASCORE evaluates Information Security risks across all facets of Information Security: Administrative, Physical and Technical controls. Covering all facets of Information Security allows the FISASCORE to represent the most comprehensive evaluation of information security risks that all people can easily relate to, regardless of your Information Security experience level.
The FISASCORE allows all members of the organization to quickly and confidently understand and quantify information security risks. Each FISASCORE and FISA™ assessment includes a measured scorecard, clear recommendations for senior leaders, and an Action Plan. The Action Plan guides the decision-making after the assessment and creation of workplans for ongoing improvement. Technical teams are provided with detailed reporting related to specific security controls, evaluation methods, tangible recommendations, and all the supporting information to enable significant risk reduction. Every FISASCORE includes comparisons to industry averages and recommendations to achieve a “best practice” or “acceptable” level of risk.
As a vCIO for our Managed Service customers, having the knowledge of being certified as a Security Analyst helps me to understand potential security risks in my clients’ environments. I feel equipped! This expertise will help us to partner with 20/20 Secure and “fix a broken industry.”
I learn by doing and I’m as prepared as I can be! I feel 20/20 Secure did a good job relating real-world experiences during my recent training to become a Certified SecurityStudio™ Analyst (CSSA). The support and insights 20/20 Secure gives will help us provide a FISAScore via Security Assessments to our clients.