With over 20 years of practical experience under our belt, we know there is a better mousetrap. For decades, organizations have struggled with Information Security. There are many reasons that we continue to fail, but it boils down to two simple things:
At 20/20 Secure, we want to improve the vision of information security. We believe that every organization should know their own most significant risks, and should use those risks when developing and managing an Information Security program.
Once we have the necessary vision, we can communicate our risks effectively to others. Once everyone has a common vision, we can work to reduce the risks that are most significant to each organization’s operations.
Evan Francen, founder of 20/20 Secure, realized this challenge early on. As an information security leader who for many years has been responsible for hundreds of information security programs, observing too many organizations spinning their wheels on checklists and overly-burdensome security frameworks. He’s always believed (and known) that a risk-based approach to building and maintaining an Information Security program is the most efficient and economical solution.
Working through five (5) major revisions over the past decade, we have developed the best-of-breed security assessment designed to evaluate all facets of Information Security in any organization. Drawing on accepted standards such as the NIST Cybersecurity Framework (NIST CSF), NIST SP800-53, , ISO 27000, CIS Top 20 Security Controls, and others, we developed a standardized and objective assessment model that applies to all organizations, big and small. Finally, we established the FISASCORE® as the definitive measurement of Information Security risk and positioned it as a quick and concise way for leaders and technical teams to understand and share risk information.
But we knew we couldn’t do it alone. So, we developed a Software-as-a-Service model for our assessment tools and offered them to our partners. By allowing our partners access to our tools and methodologies, we believe that we can truly change the conversation in Information Security, and fix a broken industry.
Our team brings together experts in Information Security, Software Development, Training and Support. We love what we do. We tell the truth. We play hard and work even harder.