Cyber Fitness Self-Test

How secure is 'secure'? Your responses to these questions will be scored, and upon completion you'll receive an immediate score along with feedback and recommendations. Each of questions 1 to 13 is answered Yes, Uncertain or No.

1. Do you have an Information Security Officer with the necessary skillset, authority and time to dedicate to the implementation, management and monitoring of information security controls?

2. Do you have a comprehensive inventory of ALL systems (e.g., servers, desktops, laptops, mobile devices, networking devices, printers, copy machines and any other device that connects to the Internet), both in and out of service?

3. Have you identified all relevant cyber threats to which your organization is vulnerable, and have you identified and documented the existing controls that mitigate those threats to a reasonable residual risk?

4. Do you assess vendors that regularly access or store your data, or that perform IT support, to ensure they have adequate security controls to protect your data?

5. Do all of your systems have the most recent operating system and application patches and updates?

6. Do all of your systems have updated anti-malware software and definition files?

7. Do you periodically train your employees on current threats and the importance of security controls in the workplace (e.g., phishing, email usage, safe web browsing)?

8. Do the mobile devices that access your organization's resources require passcodes after a period of inactivity, use encryption and malware protection, receive regular updates, and support remote wipe and tracking?

9. Are there controls in place to prevent sensitive data from being stored on devices or in applications that are not properly secured? Consider areas such as laptops, personal computers, mobile devices, USB drives and unauthorized cloud services.

10. Do you have appropriate password restrictions, invalid-login account lockout settings and multi-factor authentication on all critical applications?

11. Are your backups configured so that all critical data is backed up successfully each day?

12. Do you run monthly or quarterly vulnerability scans on your internal network and against your public-facing devices?

13. Does your incident response plan account for various types of incidents, forensics procedures, and notification of affected parties and law enforcement?

14. Contact information: name, company, state/province, email address, phone number.