How many employees do your company have?
What is your business annual revenue?
My company has a C-level directive for Cyber Security?
Has your company selected a Cyber Security Framework?
(COBIT, NIST CSF, ISACA, ISO 27001)
What percentage of the company computer hardware do you maintain in an inventory ?
Includes servers, desktops, printers, phones, routers, etc.
What percentage of Software Licenses do you maintain in an inventory.
My company has automated vulnerability and patch management for servers and desktops and they are updated in a timely manner.
Many companies allow individual to set their own updates. Some companies specifically turn off patches on select servers.
My company has secure configurations for network devices such as WIFI, switches, routers and firewalls. These devices are pathced in a timely manner.
In 2017 there were xxx patches issued for cisco routers and xxxx pathces issued for XXX wifi routers.
My company tightly controls the use of administrative privileges
My company has role-based accounts for software and hardware access and those accounts do not span roles.
Many companies add individual accounts to other groups or shares. These exceptions can cause a a security risk.
My company has alert management based on server log files
Alerts could note unusual activity, odd times for activity
My company has an Advanced Threat Protection solution in addition tio anit-virus and malware.
There are many companies offering software solutions under the ATP umbrella. (Proofpoint,Symantec ATP, O365 ATP, Fortinet,…)
My company has centrally deployed and monitored malware defenses
I have 100% confidence my company's ports and protocols adhere to my Network Control Policy.
Most companies with a network have a Network Control Policy. Making exceptions to it is where companies expose themselves to risk.
My company has a Disaster Recovery Plan and has been updated and tested in the last 12 months.
My company has a Business Continuity Plan and has been updated and tested in the last 12 months
My company has data leakage protection solutions in place
Data leakage solutions control access to sensitive data and prevent copying data to messenger programs or browser-based emails
My company has guest WiFi and an employee WiFi.
My company uses WPA2 enterprise for employee WiFi access.
My company has implemented Cybersecurity and Awareness training as for new hires
My company has a Cyber-Incidence response team and management plan in place
My company has ongoing Cybersecurity and Awareness training for all employees.
My company runs annual penetration tests and Red Team exercises