* 1. Security Risk Assessment: Have you carried out a comprehensive Security Risk Assessment in the last 12 months, in line with best practice (U.S. SEC or ISO 27001)?

* 2. Baseline Security Policy: Do you have a baseline security policy e.g. minimum password complexity, removing users from local admin groups, and hardening security on servers and desktops?

* 3. Patching Servers and Workstations, and Antivirus: How confident are you that your servers and workstations are fully patched with the latest operating system and application security updates with the latest version of antivirus installed?

* 4. Mobile Device Management (MDM): Do you manage your organisation’s mobile devices (including smartphones and tablets) with an MDM solution for both secure email/application delivery and fleet management?

* 5. Penetration Testing: Have you had an external penetration test carried out in the last 12 months to validate your current security environment and highlight any vulnerabilities?

* 6. Employee Security Awareness: Security is not just limited to technology, but also people and processes. Regular security awareness training acts as a valid part of cybersecurity protection. Do you deliver regular security awareness training for staff?

* 7. Controlling Staff Access: How confident are you that you have full control and visibility of what staff access in terms of USB drives, personal email such as Gmail or Hotmail, Facebook etc., and that you have robust joiner/mover/leaver processes in place to activate and deactivate access to systems?

* 8. Regular Backups and Testing: Are backups in place and restored regularly? Do you carry out regular tests? How confident are you that you could recover your information in the case of an attack?

* 9. Business Continuity (BC) and Disaster Recovery (DR) Planning: Do you have a BC/DR plan in case the worst-case scenario occurs (fire, flood etc.)?

* 10. Offsite Email Archiving System: Compliance is no longer a ‘nice to have’. All financial firms must store email communications for a number of years. If you needed to access them could you do so easily?

How strongly do you agree/disagree with the following qualifying statements?

* 11. Showing Improvement: Our Company has a concise way of reporting or tracking maturity improvement in our Cyber Security. We are able to show a return on investment or make effective decisions on how to spend budgets.

* 12. Monitoring: Our Company has too many monitoring tools and not enough resource to keep an eye on them at all times. We do not have 24/7 operation or the time required to analyse the output of our many systems.

* 13. Threat Intelligence: Our Company finds it hard to keep on top of the changing threat landscape. We might have threat feeds, but we need something tailored to our organisation so we can understand if we are at risk.

* 14. Visibility: Our company has adequate visibility of threats to our network and data, and of the activities occurring on our internal systems. We could confidently say whether or not we have been breached.

* 15. Incident Response: If we suffered a Cyber Security breach or loss of data, our company has a clear plan on how to respond.

* 16. Compliance: There are a growing number of standards and regulations to which our company must comply. These are becoming increasingly burdensome. We need a way to streamline adherence and broaden the remit without additional cost and effort.
