Medical Financial Government Small Business Other
How would you describe your workforce distribution?
How many employees do you have?
Who manages your IT infrastructure today?
Who is your email provider?
Who owns the equipment your employees use?
EMPLOYEE SECURITY AWARENESS
Do employees receive cybersecurity awareness training?
Are employees aware of their responsibilities regarding data privacy and security?
Is there a policy in place that outlines acceptable use of company resources?
Are there policies and procedures in place for password management?
Are employees aware of phishing and other social engineering attacks?
Are firewalls in place to restrict unauthorized access?
Are networks segmented to prevent lateral movement?
Are there any open ports or vulnerabilities?
Are there any unauthorized devices on the network?
Is there a network intrusion detection system in place?
Are all network devices (routers, switches, and access points) secured and updated regularly?
Are wireless networks secure?
Are protocols in place to secure remote access and ensure secure data transfer?
Are all applications up to date and patched?
Are there any unauthorized software applications or malware present?
Is there a process for identifying and addressing vulnerabilities in applications?
Is anti-virus and anti-malware software installed and up to date?
Are all endpoints encrypted?
Are there policies in place to prevent the installation of unauthorized software?
Are endpoints being monitored for suspicious activity?
Is sensitive data encrypted when stored or transmitted?
Are data backup and recovery plans in place?
Are access controls in place to restrict access to sensitive data?
Are there processes in place for securely disposing of sensitive data?
Is there a documented incident response plan?
Are there processes in place to identify and respond to security incidents?
Is there a process for reporting security incidents to relevant stakeholders?
Are there procedures in place to notify customers, partners, and other stakeholders in the event of a security breach?
Are there processes in place for lessons learned and continuous improvement?
Are all relevant regulations and industry standards being followed?
Are there processes in place for regular security audits and assessments?
Are security policies and procedures documented and regularly reviewed?
Is there an executive-level sponsor for cybersecurity efforts?