Discover Your Security Posture

Information Security Governance / Risk Management:

1. What is your industry?
---AgricultureApparelBankingBiotechnologyChemicalsCommunicationsConstructionConsultingEducationElectronicsEnergyEngineeringEntertainmentEnvironmentalFinanceFood & BeverageGovernmentHealthcareHospitalityInsuranceMachineryManufacturingMediaNot For ProfitRecreationRetailShippingTechnologyTelecommunicationsTransportationUtilitiesOther

2. How many employees does your organization have?
---0-99100-249250-499500-9991 000-2 4992 500-4 9995 000-9 99910 000-24 99925 000+

3. Do you have a dedicated information security and cybersecurity budget?
YesNo

4. Does your organization have a Chief Information Security Officer (CISO) or dedicated leadership resource responsible for information security?
YesNo

5. How many dedicated information security resources does your organization have?
---N/A1-56-1010+

6. Are their roles and responsibilities clearly defined?
YesNoN/A

7. Does your organization have an information security strategy?
YesNo

8. Does your information security strategy align with the business goals and mission?
YesNo

9. Does your organization have documented, approved and executed information security policy?
YesNo

Overall culture around cybersecurity and security awareness:

10. Are the board of directors and/or executive leadership team aware of information security risks?
YesNo

11. Do they participate in information security activities?
YesNoN/A

12. Is there a cybersecurity awareness program in place?
YesNo

13. Does your company have a strategy around information security awareness?
YesNoN/A

14. Does your company have a strategy around phishing simulation and social engineering testing?
YesNo

Application Security:

15. Do you currently have web applications in your organization?
YesNo

16. Has your organization conducted application security testing in the past 12 months?
YesNoN/A

17. Is security embedded into your application development life cycle / SDLC?
YesNoN/A

Infrastructure Security:

18. Does your organization ensure all devices that store or process sensitive information at a minimum have access control and anti-malware in place and up to date?
YesNo

19. Does your organization have a strategy and solution in place to detect, prevent and mitigate malicious communications and activities?
YesNo

20. Does your organization have a data classification policy in place and are sensitive data appropriately protected?
YesNo

21. Has your organization conducted a network penetration test or cyber security assessment in the past 12 months?
YesNo

Incident Response / Cyber Resilience:

22. Does your organization have an incident response plan and process in place?
YesNo

23. Does your organization periodically test the incident response plan and process in place?
YesNo

24. Do you have the capability detect, respond, remediate and recover from a cyber security incident?
YesNo

25. Do you have adequate visibility into your network / Is the networking being monitored?
YesNo

26. Do you have a business continuity plan?
YesNo

27. Is information security embedded in your business continuity plan?
YesNoN/A

Vulnerability Management:

28. Do you have a vulnerability Management program?
YesNo

29. Are you up to date with patch management?
YesNo

30. Does your organization regularly scan your environment for vulnerability?
YesNo

31. Does your organization have a remediation policy/plans for vulnerabilities?
YesNo

Regulatory Compliance:

32. Does your organization have to comply with regulations (SOX, PCI, HIPAA, and FISMA)?
YesNo

Third Party Management:

33. Does your organization have a third party risk management program in place?
YesNo

34. Does your organization protect sensitive information received from a third-parties during transmission and at rest (i.e. Encryption, SSL/TLS connections)?
YesNo

35. Does your organization ensure all third parties are protecting your sensitive information?
YesNo

---

Please fill this form to get your results