Vulnerability Scanning for Small and Medium Businesses

Do you have a documented and available set of updated and current procedures for security and IT management in your organization? This includes documents on data integrity, business conitnuity, incident response, physical security, etc

Is there a person or IT team primarily responsible for managing security initiatives within your organization?

Do you have a prepared and tested Business Continuity/Disaster Recovery plan?

Do you have a prepared and tested Incident Response Plan (including handling, monitoring and reporting of the incident)?

Do you have an ongoing security training (security awareneess, email phishing, etc) specific for the employees responsibilities?

Are you performing vulnerability assessments, penetration testing and vulnerability management on information system assets (network, website, endpoints, servers, sowtware, web applicaitons,etc)?

Are you performing regular inventory of all IT assets (hardware and software)?

Do you manage the security and access restrictions of your wireless networks?

Are you employing anti-malware and other security controls such as firewall, data loss prevention, intrusion detection/prevention systems across your environment?

Are you compliant ready - do you have documentation and processes in place for the audit?