DueNorth Security and our partner Security Studio offer a free security risk assessment and S2Score. This self-assessment can be validated by a DueNorth security analyst after completion.  The free self-assessment is intended as an estimate of your S2Score and should not be considered a comprehensive risk assessment.

Benefits of the S2Score Security Risk Assessment Tool

• Provides a baseline to measure your organization’s information security risk.
• Based on risk. The most effective way to manage information security is based on risk, not on specific controls that may or may not fit for your organization.
• Easy to Understand. Easy to understand and effective are not mutually exclusive.  In fact, they usually go hand in hand.  The most effective information security programs are typically simple and effective.  Complexity is often the enemy to good security.
• Comprehensive.  Information security is not an IT issue; it is a business issue.
• Objective. Scoring is as objective as is possible given what we know about threats, vulnerabilities, exploits and risk in general.  Each assessed control is given a risk metric based on professional opinions, best practices, and real-life data.
• Clear and free from technical jargon. Terms like “NextGen”, “Internet of Things” (IoT), “Advanced Persistent Threats” (APT), etc. are all avoided as much as possible.
• Industry accepted and credible, and HIPAA compliant. The assessment leverages and references current security frameworks and standards such as ISO/IEC 27001:2013 and the NIST Cybersecurity Framework (CSF). The same framework to prove HIPAA security compliance. This is very good news for organizations that have built their information security programs per one or more of these frameworks and helps to lend to the credibility of the assessment.