How Nebraska Book Company achieved greater efficiency in their risk assessments

Jeffrey Cochran (PCI ISA | PCI-P | CISSP | ITIL) is the head of information security at Nebraska Book Company, a technology firm based in Lincoln, USA, that provides software platform solutions and managed services to higher education institutions around the country.

Source: Nebook Facebook

Source: Nebook Facebook

Having been in the information security field for several years, Jeffrey is the ‘go-to’ guy when it comes to all things infosec. One of his key tasks is to achieve ongoing alignment with ISO 27001 and its best-practice companion, ISO 27002. The company uses the ISO standard as a framework for effective information security, although it has not yet opted for full certification.

His experience and qualifications have brought him to a point where he is satisfied with his progress in the field of information security, but he continues to read a lot about latest trends, improving his knowledge with certification-based training on an ongoing basis – something he recommends to all aspiring infosec managers.

The burning issue in information security

As most other information security professionals can attest, one of the key challenges that Jeffrey faces is the issue of money. “I can highlight a number of security risks, lay out the gaps that must be addressed, and present all the evidence needed to build a business case for greater information security investment, but gaining the budget to do everything I would like to achieve is not always easy.”

Of course, once the budget has been secured, then finding the time to implement those controls is Jeffrey’s second biggest challenge.

Reducing costs and improving efficiency

Having used spreadsheet-based software, the risk assessment process was proving too clunky and didn’t deliver the type of reporting the company was after.  Jeffrey was looking for a tool that could help Nebraska Book Company improve its efficiency.

Although there were several other tools on the market, Jeffrey found that vsRisk™ was very cost-effective, and the features seemed to be exactly what they needed. While comparing competitive products, he says, “vsRisk kept popping up. It was one of the few tools I found that made sense.”

How vsRisk™ helps Jeffrey

Today, he routinely uses vsRisk to conduct internal gap analyses and risk assessments against the requirements of ISO 27001. “Getting vsRisk was an invaluable move. We dramatically increased our efficiency in identifying risks using the ISO 27001 framework. It has helped us track deficiencies in our controls, manage tasks and responsibilities and assign risk rankings. Being able to pull all the information together into a readable format helped us to significantly reduce the time we spent on risk assessments. It also gives us all the information we need when we prepare reports for our executive team,” he says.

“Being able to import the documentation toolkit is another great value-add, in addition to the affordable price and excellent support I received from the team at IT Governance.”

Are you looking for a better information security risk assessment tool that will save you time and money?  Find out how vsRisk can work for you, too, by booking a personal, online demo with us today.

View all the features of vsRisk here.

vsRisk blog

 

Leave a Reply

Your email address will not be published. Required fields are marked *