†Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, today announced its free PAM Risk Assessment Tool – a tool for organizations to complete an official, standards-based assessment to obtain their risk score on their PAM security. After completing the assessment, organizations receive an executive-level report with their individual score and their risk category – high, moderate, or low – with specific instructions on how to lower their risk.†
This free tool is based on†standards from†ISO, NIST, PCI, CIS CSC, and EU GDPR†that indicate an organization’s compliance with risk lowering controls and best practices. Risk is assessed in several privileged access management domains such as role-based access control, audit procedures, password strength, and security policy enforcement. The score uses traditional risk methodology that combines the probability of the threat occurring with the severity that the occurrence would have on the particular organization.
A risk assessment is most often an expensive, lengthy, on-site consulting engagement by a certified professional that many large organizations conduct to categorize their security level.
“Many organizations with limited security and IT budgets can’t afford a consulting engagement. This tool provides an official PAM risk report at no cost in a few minutes,” said†James Legg, CEO at Thycotic. “We’re at a point in the security industry that education within the organization is an extremely powerful force. With this tool as a starting point, we want companies to learn where they have vulnerabilities and how they can lower risk immediately and take the effective next steps.”
Official assessment reports typically provide a risk score but often require another consulting engagement to identify the standards and controls that need to be implemented for improvement. The Thycotic PAM Risk Assessment report identifies exact controls, your score on that control, and immediate steps for improvement. C-level executives and security professionals can use the report to raise awareness and gain approval for better Privileged Account protection.†