Let’s Get Started

Thank you for your interest in Upstart Cyber. The purpose of this audit is to streamline the fact-finding process. We’ll quickly follow up to arrange a phone or videoconference call to better understand your cybersecurity ecosystem and to develop a cybersecurity solution specific to your needs. Please provide your contact information. All other fields are optional, though we encourage you to provide as much information as possible.

Security Audit
How would you describe your workforce distribution?
Who manages your IT infrastructure today?
Who is your email provider?
Who owns the equipment your employees use?

EMPLOYEE SECURITY AWARENESS

Do employees receive cybersecurity awareness training?
Are employees aware of their responsibilities regarding data privacy and security?
Is there a policy in place that outlines acceptable use of company resources?
Are there policies and procedures in place for password management?
Are employees aware of phishing and other social engineering attacks?

NETWORK SECURITY

Are firewalls in place to restrict unauthorized access?
Are networks segmented to prevent lateral movement?
Are there any open ports or vulnerabilities?
Are there any unauthorized devices on the network?
Is there a network intrusion detection system in place?
Are all network devices (routers, switches, and access points) secured and updated regularly?
Are wireless networks secure?
Are protocols in place to secure remote access and ensure secure data transfer?

APPLICATION SECURITY

Are all applications up-to-date and patched?
Are there any unauthorized software applications or malware present?
Is there a process for identifying and addressing vulnerabilities in applications?

ENDPOINT SECURITY

Are anti-virus and anti-malware software installed and up-to-date?
Are all endpoints encrypted?
Are there policies in place to prevent the installation of unauthorized software?
Are endpoints being monitored for suspicious activity?

DATA SECURITY

Is sensitive data encrypted when stored or transmitted?
Are data backup and recovery plans in place?
Are access controls in place to restrict access to sensitive data?
Are there processes in place for securely disposing of sensitive data?

INCIDENT RESPONSE

Is there a documented incident response plan?
Are there processes in place to identify and respond to security incidents?
Is there a process for reporting security incidents to relevant stakeholders?
Are there procedures in place to notify customers, partners, and other stakeholders in the event of a security breach?
Are there processes in place for lessons learned and continuous improvement?

COMPLIANCE & GOVERNANCE

Are all relevant regulations and industry standards being followed?
Are there processes in place for regular security audits and assessments?
Are security policies and procedures documented and regularly reviewed?
Is there an executive-level sponsor for cybersecurity efforts?