A Data Driven Approach to Improving Assessments

Assessments and audits play an essential role in ensuring the cybersecurity readiness of your clients. However, the process can be time-consuming and labor-intensive, with a significant amount of effort spent on collecting, organizing, and reporting data. In this article, we will delve into the challenges faced by MSSPs and provide practical solutions for streamlining the assessment reporting process.

The shortage of cybersecurity talent and the pressing need to improve cybersecurity posture make it imperative that MSSPs find ways to optimize their assessment reporting processes. Our research shows that conducting a typical assessment against an “easy framework” such as CIS takes 74.1 hours, while a typical SOC2 audit takes another 132.5 hours. These numbers are alarmingly high, and there is substantial room for improvement.

The key to reducing the time spent on assessments and audits lies in identifying areas of the process that offer the greatest improvement opportunities. The following is a breakdown of our research, showing the percentage distribution of effort in each step of the process and the associated improvement opportunities:

  1. Collecting evidence: 16.4% to 20.7%… improvement opportunity is mid-range.
  2. Sample size intake: 5% to 9%… improvement opportunity is small.
  3. Evidence testing: 17.1% to 22.5%… improvement opportunity is large.
  4. Description criteria (for SOC2): 23.3% to 34.4%… improvement opportunity is large.
  5. Control examination: 19.6% to 29.1%… improvement opportunity is mid-range.
  6. Report compilation: 11.8% to 37.5%… improvement opportunity is large.
  7. Report QA: 6.7% to 12.9%… improvement opportunity is small.

From the data, it is clear that evidence testing, description criteria (for SOC2), and report compilation account for a significant portion of the assessment time and offer the greatest improvement opportunities for MSSPs. Streamlining these processes will have a substantial impact on reducing the overall assessment time.

As you take a close look at your assessment reporting process, which parts are creating the most delay in your service delivery? After identifying the areas of your process that offer the greatest improvement opportunities, you can put in place a streamlined process that significantly reduces the time spent on assessments and audits, by about 75%, while enhancing the quality of outcomes.

With a well-optimized process, you can provide your clients with the highest level of cybersecurity readiness while freeing up valuable resources to focus on other important tasks. So, take the time to review your process, make the necessary changes, and reap the benefits of a streamlined and efficient assessment reporting process.