SECURITY ASSESSMENT2021-06-11T13:23:54+00:00

Security Assessment

Startup Questionnaire

/10

1 / 10

Do you have a documented and available set of updated and current procedures for security and IT management in your organization? This includes documents on data integrity, business conitnuity, incident response, physical security, etc

2 / 10

Is there a person primarily responsible for managing security initiatives within your organization?

3 / 10

Do you have a prepared and tested Business Continuity/Disaster Recovery plan?

4 / 10

Do you have a prepared and tested Incident Response Plan (including handling, monitoring and reporting of the incident)?

5 / 10

If you are developing in software/applications, have you implemented a secure software development lifecycle?

6 / 10

Are you performing vulnerability assessments, penetration testing and vulnerability management on information system assets (network, website, endpoints, servers, software, web applications, etc)?

7 / 10

Are you performing regular inventory of all IT assets (hardware and software)?

8 / 10

Are you a venture backed startup ?

9 / 10

Are you employing anti-malware and other security controls such as firewall, data loss prevention, intrusion detection/prevention systems across your environment?

10 / 10

Are you prepared to satisfy procurement mandates for your large client (internal security, data governance, legal mandates)?

SMB Questionnaire

/10

1 / 10

Do you have a documented and available set of updated and current procedures for security and IT management in your organization? This includes documents on data integrity, business conitnuity, incident response, physical security, etc

2 / 10

Is there a person or IT team primarily responsible for managing security initiatives within your organization?

3 / 10

Do you have a prepared and tested Business Continuity/Disaster Recovery plan?

4 / 10

Do you have a prepared and tested Incident Response Plan (including handling, monitoring and reporting of the incident)?

5 / 10

Do you have an ongoing security training (security awareneess, email phishing, etc) specific for the employees responsibilities?

6 / 10

Are you performing vulnerability assessments, penetration testing and vulnerability management on information system assets (network, website, endpoints, servers, sowtware, web applicaitons,etc)?

7 / 10

Are you performing regular inventory of all IT assets (hardware and software)?

8 / 10

Do you manage the security and access restrictions of your wireless networks?

9 / 10

Are you employing anti-malware and other security controls such as firewall, data loss prevention, intrusion detection/prevention systems across your environment?

10 / 10

Are you compliant ready - do you have documentation and processes in place for the audit?

Enterprise Questionnaire

/10

1 / 10

Do you have a prepared and tested Business Continuity/Disaster Recovery plan?

2 / 10

Do you have a prepared and tested Incident Response Plan (including handling, monitoring and reporting of the incident)?

3 / 10

If you are developing in software/applications, have you implemented a secure software development lifecycle?

4 / 10

Are you performing vulnerability assessments, penetration testing and vulnerability management on information system assets (network, website, endpoints, servers, software, web applications, etc)?

5 / 10

Are you performing regular inventory of all IT assets (hardware and software)?

6 / 10

Are you following a formal configuration management, patching and change control process?

7 / 10

Do you have a documented and standardized process for hardening systems and hosts, and is this process automated via a configuration management system?

8 / 10

Do you actively manage supply chain security risk and enforcing third party risk management?

9 / 10

Are you employing anti-malware and other security controls such as firewall, data loss prevention, intrusion detection/prevention systems across your environment?

10 / 10

Do you collect, monitor and analyze yoursystem, application and security logs in a dedicated, secure, centralized logging solution or a security monitoring system?