How do traditional risk assessments compare with using a purpose-built platform? With RealCISO.io we went for the obvious during development:
1. Consultant-led assessments take a tremendous amount of time, mostly due to meetings, scheduling those meetings, and then coordinating the stakeholders for answers to questions and gathering evidence.
2. Cybersecurity assessments are point-in-time; there’s not another one that’s free or available to reassess whether your remediations took.
3. Traditional assessment costs start around $20k and can run upwards of $100k for larger organizations. Back to point 2, that’s for a single one and doesn’t include a follow-up.
4. You may wait days or weeks until you see initial results. When you’re in assessment mode and have everyone’s attention on its importance, the dwell time before results arrive can erode that focus and attention.
5. Traditional assessments will be against one standard. Since you’re already discussing controls, wouldn’t it be easier to see where you stand against a number of different control frameworks?