3.1 Complete Security Program Health Assessments
This element aids in understanding the current state of your security program.
This element aids in understanding the current functional state of your security program. This information will be important in determining the decision and execution capability score for your program later on.
Security Program Health Assessment Tips
Tip #1: Remember the end goal is not to generate a ton of findings but instead to generate awareness about the functional health of your program. As well as how key functions like the ability to benchmark, measure, make informed decisions and execute work as a system together.
TIP #2: be honest with your rating. We try to cut out the noise with this framework; only you and whoever you would like are taking this assessment, so the more honest you are the better.
TIP #3: Do a little investigation into each answer- the more you find out the better in terms of what you have to work with later on.
Tip #4: Remember your focus is on improving the health of your information security program, not being 100% compliant or certified to a framework.
Tip #5: It is difficult to have a healthy security program if you answer no to any of these questions. If you do, don’t worry, just note that you have some work to do to improve your system.
Tip #6: Don’t forget to add these findings to your findings database
Remember, we understand that there might be questions and we are here to support you along the way!