Sample How many employees do your company have? 0 - 100 101 - 200 201 - 300 301 + None What is your business annual revenue? < $1M $1M - $5M $5M - $15M > $15M None My company has a C-level directive for Cyber Security? True False None Has your company selected a Cyber Security Framework? (COBIT, NIST CSF, ISACA, ISO 27001) Yes No None What percentage of the company computer hardware do you maintain in an inventory ? Includes servers, desktops, printers, phones, routers, etc. 0 - 20% 21% - 40% 41% -60% 61% - 80% 81% -100% None What percentage of Software Licenses do you maintain in an inventory. 0 - 20% 21% - 40% 41% - 60% 61% - 80% 81% - 100% None My company has automated vulnerability and patch management for servers and desktops and they are updated in a timely manner. Many companies allow individual to set their own updates. Some companies specifically turn off patches on select servers. True False None My company has secure configurations for network devices such as WIFI, switches, routers and firewalls. These devices are pathced in a timely manner. In 2017 there were xxx patches issued for cisco routers and xxxx pathces issued for XXX wifi routers. True False None My company tightly controls the use of administrative privileges True False None My company has role-based accounts for software and hardware access and those accounts do not span roles. Many companies add individual accounts to other groups or shares. These exceptions can cause a a security risk. True False None My company has alert management based on server log files Alerts could note unusual activity, odd times for activity True False None My company has an Advanced Threat Protection solution in addition tio anit-virus and malware. There are many companies offering software solutions under the ATP umbrella. (Proofpoint,Symantec ATP, O365 ATP, Fortinet,…) True False None My company has centrally deployed and monitored malware defenses True False None I have 100% confidence my company's ports and protocols adhere to my Network Control Policy. Most companies with a network have a Network Control Policy. Making exceptions to it is where companies expose themselves to risk. True False None My company has a Disaster Recovery Plan and has been updated and tested in the last 12 months. True False None My company has a Business Continuity Plan and has been updated and tested in the last 12 months True False None My company has data leakage protection solutions in place Data leakage solutions control access to sensitive data and prevent copying data to messenger programs or browser-based emails True False None My company has guest WiFi and an employee WiFi. True False None My company uses WPA2 enterprise for employee WiFi access. True False None My company has implemented Cybersecurity and Awareness training as for new hires True False None My company has a Cyber-Incidence response team and management plan in place True False None My company has ongoing Cybersecurity and Awareness training for all employees. True False None My company runs annual penetration tests and Red Team exercises True False None Name Email Time's up By WP Tangerine|October 9th, 2018|0 Comments