How does it work? Which score will you get? We'll explain it here!
How secure is your environment? Which "score" will I get if I am audited? Where to start? What's the next step after I get audited? What is the average score ? What would be an "OK" score?
If at least one of these questions has already popped up into your mind before, this article is for you!
Companies thinking about improving Information Security want to know where to start or what to do.
At EASI, we are convinced that the first step is an inventory. One of the most valuable and pragmatic solution is through a Security Audit. It will provide you with
- an overview of your current situation ("AS IS")
- a global score (e.g. 62%)
- and a starting point (Where am I on my x years road map?)
But this is not enough! Most of companies will get a score and start working on recommendations whilst keeping the first audit results as a reference during the whole process. However, things change (a lot) and evolve. This is the very reason why a regular audit is needed in order to make sure remediation actions and improvements are ongoing and that new vulnerabilities or risks are identified. Security is a continuous process.
With this way of thinking in mind, let's talk about:
How will we evaluate your security?
This grade you get at the end of the audit might be as stressful as the grade you get at the end of your studies. Even more when you have to show this score to the management board.
What if you could show a great evolution? What if you were proud of it rather than afraid of it?
Let's see how we can achieve this together!
Our experience showed us that out of the last 50 Systems Hardening Audits performed by EASI, the average score was 53,6 % for the first audit.
When looking at the second audit (usually performed 1 year later) , this score reaches 71,3% ... and for companies who asked EASI to perform the recommendation actions or improvements it goes further up to 76,8%.
So, tell us. What are you going to do next ?