Cybersecurity Assessment

S2SCORE® is a comprehensive information security risk assessment designed to discover and quantify information security risk. An industry standard utilized by security practitioners around the country, S2SCORE builds effective information security programs and provides organizations with the data necessary to prioritize and maximize information security investments.

Connect with a Cybersecurity Specialist

Quantification of risk also provides the pivotal common language for security practitioners and executives to speak about risk. This allows organizations to set risk tolerance thresholds and eases the process of determining how much money to spend.

S2SCORE matches the requirements to many different standards including HITRUST, ISO 27000-1, NIST CSF, FFIEC, NCUA, GLBA, FISMA

S2SCORE consists of a thorough evaluation of risks within four phases: Administrative Controls, Physical Controls, Internal Technical Controls, and External Technical Controls:

Administrative Controls

Sometimes referred to as the “human” part of information security and are controls used to govern other parts of information security.

Physical Controls

The security controls that can often be touched and provide physical security to protect your information assets.

Internal Technical Controls

The controls that are technical in nature and used within your organization’s technical domain (inside the gateways or firewalls).

External Technical Controls

These are technical in nature and are used to protect outside access to your organization’s technical domain (outside the gateways or firewalls).

More Information

S2ORG and S2SCORE Overview