S2SCORE (Formerly FISASCORE) Simplifies the IT Security Conversation
I’ve seen too many senior executives “check out,” their eyes glaze over, when crucial conversations about technology get… too technical.
Communication can be a major hurdle to an organization trying to improve their IT security. On one side of the table are IT professionals who understand the details of necessary enhancements and the risks of underdeveloped IT security.
On the other side are executives and shareholders who want what’s best for their organization (which is often maximum protection against security threats).
While the two groups work toward a shared goal of securing their network and crucial data, the conversation about how to do that can play like a scene between Charlie Brown and his teacher. This can be frustrating on both sides.
Wouldn't it be great to have some kind of standard way to assess IT security, so we can all understand one another? The good news is we now have S2SCORE (formerly FISASCORE®) to do just that.
What is S2 SCORE (formerly FISASCORE®)?
One way to standardize the IT security conversation is by finding your S2SCORE (formerly FISASCORE).
Think about an S2SCORE as similar to a credit score. It’s easier to say, “My credit score is 730,” than it is to go into detail about how that score came to be.
S2SCORE offers the same concept. It simplifies the IT security conversation to a numerical value. The score removes subjectivity and guesswork. This will focus IT conversations on the simple objective of raising the score.
What’s involved in the S2SCORE assessment?
S2SCORE is calculated through a comprehensive assessment that looks at Administrative, Physical, Internal Technical and External Technical controls. The better the four controls work together, the better the score. The assessment was built by SecurityStudio, an independent organization committed to developing an objective tool based on a combination of various security frameworks and standards.
After the assessment, in addition to your S2SCORE, you will walk away with an understanding of which IT initiatives your company can begin or work toward to increase your IT security, so you can remediate and close any gaps in your IT infrastructure.
Why I recommend the S2SCORE to clients:
S2SCORE gives a standard by which we can measure the quality of IT security in an organization. That’s why it was created, and that’s why I recommend it. It takes a complicated discussion about IT and untangles it, so you can discuss one number that everyone in the room understands. The assessment helps you understand where you are vulnerable and where your score stacks up compared to others.
S2SCORE makes it easier to show progress in IT security improvements. Let’s say your current score is 720 (the range is 300—850). Once you have a number that everyone can understand, you can start to track your progress. You want to be above 780 to be considered excellent. If you were at 500 last year, you may set a goal for 600 this year, working toward 700 in the year following.
S2SCORE will give you a competitive advantage. Your score can affect future business deals. Let’s say your business is at 800, and your potential partner says they’ll only do business with companies above 700. You’ll automatically gain an advantage over a lower-rated competitor. Insurance companies will also use your S2SCORE to assess the risk for cyber-attacks. If your company scores a 300, and is therefore at risk of getting hacked, the insurance provider may charge a higher premium.
I predict you will begin to see the S2SCORE as a standardized scoring method in requests for proposals (RFPs). Where a company may have in the past asked, “What are you doing for security?” and listed all of the security measures required of your business, they can now ask, “What’s your score? Is it 750 or higher?”
S2SCORE levels the playing field, so when we talk about IT security, companies are comparable side by side. A potential partner is more likely to do business with an organization who is less susceptible to a data breach.
Loffler is passionate about helping our customers and we view S2SCORE as a crucial element in helping organizations understand what needs to be done to stay safe. In the next year or two, we’ll see the popularity and regular use of S2SCORE rise. Now is the time to take the S2SCORE assessment at your organization.
Read next: Ten Reasons You Need an S2SCORE
Joe has been part of the Loffler IT leadership team since 2015 and has a deep background in enterprise software with experience spanning the areas of Unified Communications, Workflow Automation, Contact Center, Collaboration and ERP/SCM/WFM. A little known fact? Joe used to be the drummer in a blues band called the Electric Trane.