Has anyone had a Cyber Security firm come in and perform a risk assessment?
- What was the cost?
- Was it worth it?
- Vendor recommendations?
Hey Jonathan. In my previous life I worked in IT Security for 10 years and did some of this kind of work for the organization I worked with. In my opinion the biggest risks are your external presences (website, internet facing cameras, online bill pay, etc.) and the second would be social engineering on staff (phishing emails, phone calls, etc.). While I haven’t done or paid for a full assesment here, I would say it is worth it, as long as you have the budget available to remediate what is found. If you are going to have it done but won’t be able to make changes or pay for changes, then knowing the information would probably just cause unneeded anxiety. If you want to connect more feel free to reach out direct. I can recommend some tools to do some of this yourself.
-John
Hi Jonathan - does your church require PCI_DSS certification? If so, start with your PCI scan vendor - they offer internal scanning.
Also, check with your insurance company - perhaps Guidestone and Brotherhood might have recommendations here.
Social engineering is going to be one of the largest risks… so staff training will be helpful.
Jeremy Hoff
Shepherd Church
(818) 831-9333
A few organizations that are good are:
TrustedSec
Rapid7
SecureWorks
And yes - if you require PCI you will definitely want to start there.
MBS does these-- everything except vulnerability testing. See http://www.mbsinc.com/services/cybersecurity-risk-assessment/.