Startup Questionnaire
Do you have a documented and available set of updated and current procedures for security and IT management in your organization? This includes documents on data integrity, business continuity, incident response, physical security, etc.
Is there a person primarily responsible for managing security initiatives within your organization?
Do you have a prepared and tested Business Continuity/Disaster Recovery plan?
Do you have a prepared and tested Incident Response Plan (including handling, monitoring and reporting of the incident)?
If you are developing software or applications, have you implemented a secure software development lifecycle?
Are you performing vulnerability assessments, penetration testing and vulnerability management on information system assets (network, website, endpoints, servers, software, web applications, etc.)?
Are you performing regular inventory of all IT assets (hardware and software)?
Are you a venture-backed startup?
Are you employing anti-malware and other security controls, such as firewalls, data loss prevention, and intrusion detection/prevention systems, across your environment?
Are you prepared to satisfy procurement mandates for your large client (internal security, data governance, legal mandates)?
SMB Questionnaire
Is there a person or IT team primarily responsible for managing security initiatives within your organization?
Do you have ongoing security training (security awareness, email phishing, etc.) specific to employees' responsibilities?
Are you performing vulnerability assessments, penetration testing and vulnerability management on information system assets (network, website, endpoints, servers, software, web applications, etc.)?
Do you manage the security and access restrictions of your wireless networks?
Are you compliance-ready, with documentation and processes in place for the audit?
Enterprise Questionnaire
Are you following a formal configuration management, patching and change control process?
Do you have a documented and standardized process for hardening systems and hosts, and is this process automated via a configuration management system?
Do you actively manage supply chain security risk and enforce third-party risk management?
Do you collect, monitor and analyze your system, application and security logs in a dedicated, secure, centralized logging solution or a security monitoring system?