Rapid Enterprise Controls Assessment (RECA)
A Rapid Enterprise Controls Assessment (RECA) provides a significantly expanded view of your organization’s security posture compared to our Small Business Security Assessment. Where the SBSA is for businesses with 20 or fewer employees and $1.5 million in revenue, RECA is designed to tackle much larger, broad-based businesses that rely heavily on technology to communicate, process large orders or maintain industry compliance.
The Assessment ~ We come on-site for three to four days to assess your IT and IS architecture, audit the physical security of your location and interview key people in your organization. Additionally, we break down your technology footprint looking for points of entry in your attack surface. The bulk of the assessment will be spent in one-on-one sessions with key personnel, examining all internal and external touch points.
Reporting ~ From our comprehensive tour and survey, we match answers from discussions with corresponding threats and controls. Then we rate each of these on three different scales. After confirming our ratings with you, we provide you a report which includes a prioritized task list that enables you to focus on items that make the biggest improvements in your security for the lowest cost, as well as recommended solutions for the more complex and costly stop-gap measures.
- Overview of Findings and Organizational Security Posture
- Strengths, Weaknesses, Opportunities and Threats (SWOT) Analysis Results
- Priority Response Model Results
- Comprehensive recommendation plan with a timeline of suggested implementations
Recommendations ~ While our recommendations typically can be implemented immediately, in some cases we recommend additional analysis through more specifically targeted security assessments. We don’t pretend to perform a full organizational risk assessment and mitigation in less than a week. We do provide specific, actionable recommendations. When we recommend further security work, you have all of the details required so that you can engage any qualified security consulting firm. In fact, we specify what type of expertise you should be seeking for each such recommendation. We are happy to help where we can, but our recommendations are always vendor neutral. You need to work with the professionals that make you the most comfortable.
The RECA engagement is particularly helpful for organizations that have not had one individual who owns security for the entire organization. This can help determine if such a role is needed or if the current structure is appropriate given the organization’s size and tolerance for risk.