undefined | Better HN

0 pointsrakkhi15y ago0 comments

It replaces some of Archers functionality in that 2 of the Archer modules are: risk management and threat management. However Archer is the rolls royce, it ties to be all Governace Risk and Compliance (GRC) to all people. It is also a lot broader than just security risks and can be used for all sorts of operational risks. And for that you pay the rolls royce price and companies where I have worked that have used it have need a team to support and develop/customize features and entire training courses to learn how to use it

My software enables users a lot simpler way of performing the risk assessment functionality focused on information security. It is designed to be really easy to use, turn-key with zero setup but still robust in the methedology, reporting and collaboration. You can also export to Archer if you have it.

That is what I'm wondering though... is $20 too low.. should I start at $100? I am talking to two MD's of large financials this week who maybe prospective clients and have agreed to mentor me so I will get their opinion on it also.

How much value do you think security risk assessment software that assists to cut your security costs by prioritizing investment where it makes a difference and helps you comply with regluation like PCI-DSS is worth to a customer? It is B2B only: target markets are large firms with large mobile security teams (30-100 in IT security) and smaller merchants that need to do risk assessments to comply with PCI-DSS Level 1 and 2

0 comments

2 comments · 1 top-level

maukdaddy15y ago· 1 in thread

I work with a customized Archer risk management module at work, so I'm pretty familiar with it. If you are targeting the enterprise/B2B market, they're going to laugh at $20.

In theory, PCI compliance is worth whatever revenue you bring in with credit cards, since being non-compliant theoretically means you could lose all of that revenue. That said, the typical model of security software is to charge as much as you possibly can. You're making a product that supposedly interfaces with Archer - who can easily charge $50k+ in renewal fees each year.

Enterprise customers usually equate higher $$$ with better functionality/more security. I say that with significant experience consulting and working for large enterprises. I'd thinking about charging significantly more, maybe even in the $499 range depending on the exact functionality of your product.

This is interesting, because I've recently been thinking a bout product ideas around the assessment process. Archer is WAY overkill for a lot of businesses, even some large businesses.

rakkhiOP15y ago

Thanks I really appricate your advice. Being familier with Archer and obviously the B2B Infosec / Risk market - if you were a buyer price would you pay for a SaaS security risk assessment software that is lot simpler to setup and use than Archer?

j / k navigate · click thread line to collapse