360inControl® - A Cyber Security Assessor Experience

We are a Cyber Security Service Partner worldwide and provide services and competencies covering the whole Security Management Lifecyle. Amongst other cyber security key areas, our portfolio includes assessments on our customer’s Cyber- and Information Security of the company. My team and I perform assessments of all types, including the comparison of the maturity of an organization versus governance frameworks.

The outcome of such an assessment is a detailed report providing all information related to the assessment and showing the areas of risk.

In the past, we used spread sheets to prepare and conduct the assessment. The preparation and execution were very time-consuming. In addition, it was also cumbersome to work with several people on spread sheets, collecting the information for the results and report at the end. The manual work was very extensive.

Today I would like to share our experience using 360inControl for a recently performed customer assessment.

Preparation phase:

• Based on the existing control library of 360inControl we easily put together all the necessary controls for an assessment (ISO270001 and Security Initial Check). We could easily adjust or add controls wherever needed.
• It was very easy to assign team members to specific controls and areas.
• With low effort, I was able to adjust the report template with our company’s Corporate Identity.

On-site Assessment:

• My team could start immediately with the assessment. The control descriptions (control library) were very helpful, providing examples for test evidences and justification.
• We could enter all findings and evidences including attachments directly into the tool.
• We needed to create an interim status report and this was available within seconds.
• Assessor and reviewer comments were entered directly in the assessment and at the end of the assessment the management response was included.
• A very intuitive navigation through the controls supports the interactive part of the on-site assessment at the customer's premises.

Reporting:
With one klick, the report was created. I only had to do some changes, adding methodology description etc. As the report is available as a Microsoft Word™ file all adaptations could be done easily.

My conclusion is:
360inControl offers us an enormous increase in efficiency. We can carry out assessments with much less effort and consistent and increased quality. It can be used in a variety of ways, such as what governance processes should be in place, what is relevant for a vendor assessment, what is required in the area of data privacy and much more.

We will definitely proceed with using 360inControl for future assessments. The time and resources I am saving compared to the manual work in the past is tremendous. It makes our life much easier.

Andreas Crisante - Senior Cyber Threat Intelligence Advisor
wizlynx group - wizlynxgroup.com

CISS auf Security-Finder Schweiz