The DeSoto.io approach.
MEASURE your organization’s risk and expose vulnerabilities in your information security program.
- ADMINISTRATIVE The people part of information security, administrative controls are primarily procedures and policies that guide employee actions.
- PHYSICAL Physical controls are the means and devices to control physical access to sensitive information and protect the availability of the information.
- INTERNAL TECHNICAL Internal technical controls segments your network from the inside, ensuring that if someone did get in they wouldn’t be able to get far.
- EXTERNAL TECHNICAL External technical controls protect your organization from the outside world and are traditionally what people think of when they think of cyber security.
VENDORS: ASSESS AND PRIORITIZE THIRD-PARTY RISK
More than half of all breaches occur due to third-party vendors, so it’s critical that you know who all your vendors are and the risk that they pose to your organization.
- INVENTORY Easily import all vendors into one centralized location.
- CLASSIFY Based on a standard series of 10 questions, you will classify the risk posed by each vendor as either a high, medium or low.
- ASSESS The assessment measures the strength of the vendor’s security practices across four control areas. The vendor will receive a score from 300 (very poor) to 850 (excellent).
- TREATMENT Take action against vulnerabilities revealed by the assessment. Track improvements over time for an overall stronger security posture.
- SIMPLIFY your vendor risk management program, ensuring compliance without unduly burdening your company or vendors.
- STANDARDIZE the process for year-after-year efficiencies and greater scalability.
- DEFEND against any risk created by your vendors, and against lawyers, regulators and customers if a breach occurs.
Our assessment tools were developed by information security experts with a combined 300+ years of experience, and the same assessment has already been completed by more than 2,000 organizations.
ROADMAP necessary changes to improve your organization’s security posture in the most effective ways.
- Shared with you, the client.
- Can be implemented in-house or with our help.
TRACK the improvements you’ve made to your security program in real-time and watch your S2SCORE rise.