How secure is 'secure'?

Your responses to these questions will be scored, and upon completion you’ll receive an immediate score along with feedback and recommendations.

Question Title

* 1. Do you have an Information Security Officer with the necessary skillset, authority and time to dedicate to the implementation, management and monitoring of information security controls?

Question Title

* 2. Do you have a comprehensive inventory of ALL systems (e.g., server, desktop, laptop, mobile device, networking device, printer, copy machine and any other device that connects to Internet), both in and out of service?

Question Title

* 3. Have you identified all relevant cyber threats that your organization is vulnerable to, and have you identified and documented existing controls that mitigate the threats to a reasonable residual risk?

Question Title

* 4. Do you assess vendors that regularly access or store your data or perform IT support to ensure they have adequate security controls to protect your data?

Question Title

* 5. Do all of your systems have the most recent operating system and application patches and updates?

Question Title

* 6. Do all of your systems have updated anti-malware software and definition files?

Question Title

* 7. Do you periodically train your employees on current threats and the importance of security controls in the workplace (e.g., phishing, email usage, safe web browsing, etc.)?

Question Title

* 8. Do the mobile devices that access your organization’s resources require pass codes after a period of inactivity, encryption and malware protection; are they updated regularly; and do they have remote wipe and tracking ability?

Question Title

* 9. Are there controls in place to prevent sensitive data from being stored on devices or in applications that are not properly secured? Consider areas such as laptops, personal computers, mobile devices, USB drives, unauthorized cloud services, etc.

Question Title

* 10. Do you have appropriate password restrictions, invalid account lockout settings and multi-factor authentication on all critical applications?

Question Title

* 11. Are your backups configured so that all critical data is backed up successfully each day?

Question Title

* 12. Do you run monthly or quarterly vulnerability scans on your internal network and against your public facing devices?

Question Title

* 13. Does your incident response plan account for various types of incidents, forensics procedures, and notification of affected parties and law enforcement?

Question Title

* 14. Contact Information