Last week, CompTIA announced a free-for-registered users IT Security Assessment Wizard in a press release. I decided to try it out and see if it would be of any value to evaluate my clients and provide them the report.
To access the IT Security Assessment Wizard, you must sign in with a CompTIA account. If you don’t have one, you can register and use the Wizard immediately.
The IT Security Assessment Wizard takes the form of a quick survey. It states that it doesn’t record any of the information. The survey has three sections in question-and-answer format about existing hardware, policies, and security tools including MDM, antivirus/antimalware, firewall, IDS, encryption, data backups, disaster recovery, policies, and more.
The IT Security Assessment Wizard provides a tool for Solution Providers to start conversations with their clients and prospects about their Security infrastructure. It is a “process” to walk a potential customer through a series of questions, and produce a comprehensive customer profile. Once complete, the profile is a springboard for subsequent security service discussions and potential consulting and product sales.
This wizard is intended to be used by solution providers while talking to their clients. This is a simple question and answer format. There are three sections to be completed and the result will be a comprehensive client profile including existing hardware, policies, and security tools currently in place. The profile will also include definition of security tools not currently in use and the risks and benefits of said tool.
You can save, email, or print the assessment results. I found the survey to be a good interview for a client to see from a neutral perspective the infrastructure needed to accomplish many common setups securely. I think it would also help an organization evaluate how their IT consultant or MSP is doing if they are leading you astray or are not able to answer your questions. The best thing about the assessment is that it takes the information, summarizes it into a single document, and then provides risk and benefit information about that topic. It is vendor-neutral and factual, so it provides honest information in one seven-page document without trying to make a sale and get commission.
You can see an example of the first page of the security assessment wizard below. I redacted some client information but otherwise, it’s a good example of what you would get after completing the form.