• S2ORG – the organizational information security risk assessment tool used by more than 1,000 organizations, both public and private.
  • S2VENDOR – the third-party information security risk management tool developed to simplify, automate, and standardize these processes.
  • S2ME – the personal information security risk assessment tool to address our most significant risk, “us”.
  • S2TEAM – the organizational collection of aggregate S2ME metadata to enable more effective information security training and awareness programs.

Click here to get started now!

Or if you prefer, get in touch with our Minneapolis cybersecurity and managed security service team using the form below – we will be happy to help

    Please help our Minneapolis managed security service experts understand better how to respond to your inquiry by selecting one of the following options:


S2Org is a comprehensive, risk-based measurement of information security assigned to your company based on a proven and thorough assessment process. Once completed, S2Org will identify critical vulnerabilities, control gaps/ deficiencies, and applicable threats to the security of your organization.


S2Org allows businesses and organizations to know and understand how they are vulnerable and how they compare with peers within similar industries. S2Org can also be used to communicate the level of information security risk to interested third-parties (customers, stakeholders, auditors, regulators, et al.).

S2Org is constantly calibrated to the latest security threats used by attackers with controls designed to mediate those threats and protect data from unauthorized access, disclosure, distribution and destruction. The S2Org framework consists of a thorough evaluation of risks within four phases: Administrative Controls, Physical Controls, Internal Technical Controls, and External Technical Controls.

ADMINISTRATIVE CONTROLS are sometimes referred to as the “human” part of information security and are controls used to govern other parts of information security. Common administrative controls include policies, awareness training, guidelines, standards, and procedures.

PHYSICAL CONTROLS are the security controls that can often be touched and provide physical security to protect your information assets. Common physical controls include doors, locks, camera surveillance, and alarm systems.

INTERNAL TECHNICAL CONTROLS are the controls that are technical in nature and used within your organization’s technical domain (inside the gateways or firewalls). Internal technical controls include things such as firewalls, intrusion prevention systems, anti-virus software, and mobile device management (MDM).

EXTERNAL TECHNICAL CONTROLS are technical in nature and are used to protect outside access to your organization’s technical domain (outside the gateways or firewalls). External technical controls consist of search engine indexes, social media, DNS, port scanning, and vulnerability scanning.


Our Minneapolis cybersecurity company will perform a verified S2Org assessment gives your organization a score to quickly and confidently understand and quantify information security risks and provides a common vision on how to prioritize and address them. This includes a comprehensive action plan that is designed to dramatically increase the overall health and score of your company’s greatest assets.

Click here for a FREE S2ORG signup to get started. A member of our Minneapolis cybersecurity and managed security service team will be in touch with you to help guide you through the process.

Security Studio now gives you the ability to get a free estimate of your S2Org which will help you get an idea of where your organization is related to the health of your information security.


Every organization, big or small, should be aware of their most significant information security risks. S2Org will identify and address your organization’s risks through a standardized, consistent and efficient process that enables all members of your organization to quickly and confidently understand and quantify risks.