Introducing Softcat’s free cyber security assessment | Softcat
Skip to main content

Login to eCAT

Customer Support
Contact Sales
Blog

Introducing Softcat’s free cyber security assessment

Evaluate your organisation’s cyber security posture with our 10-question assessment

Cyber Security

cyber assessment 10 question Single Image

David Hewson

Cyber Assessment Team Leader

Softcat’s Cyber Services team has released a free cyber security assessment, to help your organisation evaluate its security posture. The assessment takes about two minutes to complete and includes a follow-up report that provides further detail on improvements your organisation can implement. I know, I know, being free always causes some panic, especially in the cyber world - “if it’s too good to be true, it probably is.” Luckily, this isn’t the case with our cyber assessment.

As with any assessment (or anything for that matter), this isn’t a golden bullet; it’s not going to provide all the answers, and it’s not going to guarantee you never have any cyber-related issues again. However, it does provide a simple, multiple-choice, tiered approach to getting better visibility on what your organisation's cyber security posture looks like, and what the appropriate next steps may be.

Why did we create a free assessment tool?

This one is easy and has two answers:

A) You asked for it - a low-cost, more ‘Essential Cyber Hygiene' focussed assessment that could support both technical and non-technical-rich organisations.

B) Softcat is a value-added reseller (VAR), so what better way to add value than to provide something valuable and free?

What type of recommendations can you expect following the assessment?

The recommendations will vary depending on which tier you align to upon completing your assessment and, in turn, where the organisation may be on its cyber security journey.

Recommendations range from how you can increase your visibility, to key considerations before any further steps are taken, ways you can test the controls you believe are or aren’t in place, and much more.

Each report will also recommend various forms of more extensive assessments that capture further detail. These more extensive assessments will provide a clearer view of the organisation's posture and the best next steps. Softcat offer a range of more extensive assessments, and you can find out more here.

Who’s this assessment for?

This is an important question, and technically it’s for any organisation. However, it will likely provide the most value to those who aren’t regularly aligning to a security framework or have little visibility of their cyber security posture.

Two good questions I usually ask organisations are, ‘Why is x project on the roadmap?’ or ‘Why did you procure x solution?’ Using these questions and aligning to a framework will help to show weaknesses, potential gaps, and more within an organisation’s cyber security posture. If the responses to these questions are more reactive than proactive, then it's likely this assessment will be a great start.

How does this free assessment differ from the paid ones Softcat offers?

If we’re being honest, in quite a few ways as we usually strive to dig into each question/safeguard in more detail. We look to capture details beyond just what the controls are asking, as well as the “what's” and “whys.”

Naturally, there is often more to a paid assessment than what the free assessment will show, such as why certain controls aren’t in place, who’s responsible for x, what formats are best used when presenting information to those your organisation may need support or buy-in from, and how resources impact current and future changes. However, this free assessment is still a great start to improving your organisations security posture.

How was the tool designed?

We put a lot of thought into this question. Based on the original requests, which lean towards an ‘Essential Cyber Hygiene’ focus, we wanted to keep it refined but aligned; we’re not looking to reinvent the wheel.

We also utilised two well-known industry frameworks to create the assessment. Namely, the NCSC’s Top 10 requirements, to create questions for each section, and then blended in Implementation Group 1’s (IG1) Safeguards (a subsection within the Center for Internet Security (CIS) framework). From here, we created ten yes/no/partial questions and three tiers. Based on responses, the organisation will fall into one of the below:

1) Sentry - ready to take your first step towards a better security posture

2) Protector - you’re on your way towards a stronger security posture

3) Guardian - you have shown a strong approach to enhancing security

Which tier your organisation falls into will ultimately define which executive report is received and what recommendations are provided.

If you need support with the assessment

We’ve done our best to ensure the assessment is as inclusive as possible, but if you would like some help running through it, reach out to Engage@Softcat.com, and we can discuss the options.

You already know your organisation needs more than what the assessment offers...

Great news! This shows you’re already ahead of the curve. We have a team of skilled assessors ready to explore your requirements better and direct you to a prebuilt service or assist with designing one that ticks all your boxes. Please reach out to Engage@Softcat.com, and we can chat about the options.

Softcat can support your organisation

For more details on how Softcat can support your organisation on its security journey, please reach out to your Account Management team, or email us at Cyberservicesteam@softcat.com.