Information security is so much more than making sure firewalls and anti-virus are up to date. While these technical controls are important to your overall security plan, they do not tell the whole story.

We have focused recent blog posts on how an S2Score is a comprehensive measurement of risks to information security. Today we are going to dive into the specifics of what that means.

The S2Score assessment looks for vulnerabilities, weak points and deficiencies in your information security with the ultimate goal of protecting the confidentiality, integrity and availability of information.

What makes an S2Score security assessment comprehensive?

To be truly comprehensive, you need to look at more than just the technical aspects of security, which have to do with hardware and software. To look at the whole picture of information security, three types of controls need to be considered, and the S2Score assessment looks at all of them:

Technical Controls

Technical controls are what you probably picture first when reviewing information security. These have to do with your IT hardware and software and are divided into two sub-categories: internal and external.

Internal technical controls protect information within your network.

  • Firewalls
  • Intrusion prevention systems
  • Anti-virus software
  • Mobile Device Management (MDM)
  • Usernames/passwords
  • Security logs
  • Access controls
  • Data encryption

External technical controls protect outside access to your network.

Administrative Controls 

Administrative controls include organizational processes, policies and procedures and the humans behind them who choose, develop, implement and maintain security practices in your environment. People are the biggest weak points in your network, and the more you can educate them and give them standards to adhere to, the more secure your information will be. Administrative controls can include:

  • Policies, such as requirements to lock computer screens while unattended
  • Awareness training and education
  • Guidelines
  • Standards
  • Procedures, such as removing network access during employee offboarding
  • Appointed security officers
  • Internal audits
  • Business continuity plans
  • Reporting of security breaches

Physical Controls 

Physical controls have to do with your building security. Security measures are useless if your files or servers are physically stolen or destroyed. An S2Score assessment will look at physical controls, such as:

  • Locked doors
  • Camera surveillance
  • Alarm systems
  • Backups stored offsite
  • Employee ID badges
  • Locked file cabinets
  • Restriction of employee access to sensitive areas
  • Measures to prevent fire and flood damage

By assessing these different control areas with an S2Score, you not only get the most comprehensive look at your information security risk, you also get a comprehensive report and action plan to address any control areas that might be lacking. The size, complexity and function of your organization will determine the extent of the technical, physical and administrative controls you need, as will the type of IT infrastructure you have and your industry’s compliance requirements.

It is common for organizations to spend their budget and time on technical controls, while administrative and physical controls are lacking. This oversight can have dramatic impacts on your security posture. You do not have to be an IT expert to understand the value of each of these controls to your overall information security.



Joe Dashow

Joe has been part of the Loffler IT leadership team since 2015 and has a deep background in enterprise software with experience spanning the areas of Unified Communications, Workflow Automation, Contact Center, Collaboration and ERP/SCM/WFM. A little-known fact? Joe used to be the drummer in a blues band called the Electric Trane.
