Find Your Seccon Quiz

WHAT'S YOUR
SECCON?

Find Your Security Readiness Condition 

1. What is the expected level of Attacker for the organization?

The first step to determine your suggested SecCon level is to consider the skill of the attack likely for an environment. The attacker type determines the baseline SecCon level which helps identify the controls necessary to prevent, restrict, or detect the attacker.

 
 
 
 
 

2. How much does Information Technology impact the organization?

While some organizations only use IT for business convenience, it can also be used as a critical differentiator, to hold sensitive data, or control necessary systems to produce a good or service. The impact of downtime can significantly modify the controls that should be implemented.

 
 
 
 
 

3. What is the organization’s tolerance to Risk?

Understanding the culture of an organization is important to determining the extent of the mitigation strategy. Similar to a low vs. high deductible on car insurance, the lower the tolerance, the more significant the investment in security.

 
 
 
 
 

4. Is the organization required to meet any Compliance regulations?

Compliance is a simple modifier to the SecCon level. Where it is required, an organization should maintain a minimum of SecCon 4, regardless of compliance framework.

 
 

Question 1 of 4

Field Offices

Connect With us