1. What is the status of our security policy framework?
2. Do we conduct regular security risk assessments and vulnerability scans?
2. Do we conduct regular security risk assessments and vulnerability scans?
Why it matters: Ensures that there are established guidelines and standards for protecting information assets.
2. Do we conduct regular security risk assessments and vulnerability scans?
2. Do we conduct regular security risk assessments and vulnerability scans?
2. Do we conduct regular security risk assessments and vulnerability scans?
Why it matters: Identifies potential threats and weaknesses in the system before they can be exploited.
3. What is our incident response plan, and how often is it tested?
2. Do we conduct regular security risk assessments and vulnerability scans?
Why it matters: Preparedness for responding to and mitigating the impact of security incidents is crucial for minimising damage.
4. Do all employees regularly undergo Cyber Security awareness training?
Why it matters: Human error is a significant risk factor; training helps reduce the likelihood of breaches caused by staff.
5. What measures are in place for data encryption, both at rest and in transit?
5. What measures are in place for data encryption, both at rest and in transit?
Why it matters: Protects sensitive information from unauthorised access and ensures data integrity.
6. How do we manage access controls and verify the identify of our users?
5. What measures are in place for data encryption, both at rest and in transit?
Why it matters: Ensures that only authorised personnel have access to sensitive information, reducing the risk of insider threats.
7. What is our patch management process for keeping systems and applications safe?
7. What is our patch management process for keeping systems and applications safe?
7. What is our patch management process for keeping systems and applications safe?
Why it matters: Prevents exploitation of known vulnerabilities in software and systems.
8. Do we have a comprehensive backup and disaster recovery plan?
7. What is our patch management process for keeping systems and applications safe?
7. What is our patch management process for keeping systems and applications safe?
Why it matters: Ensures data can be restored in case of data loss events, minimising downtime and impact.
9. How do we monitor and log security events and activities?
7. What is our patch management process for keeping systems and applications safe?
Why it matters: Continuous monitoring helps detect suspicious activities and provides data for investigating incidents.
10. Do we comply with relevant regulations and standards (e.g., GDPR, NIST CSF, NIS2, CAF,ISO27001)
10. Do we comply with relevant regulations and standards (e.g., GDPR, NIST CSF, NIS2, CAF,ISO27001)
Why it matters: Ensures that the organisation meets legal and industry requirements, reducing the risk of fines and legal issues.
How we can help
Get to know your organisation
These questions encompass a range of information security aspects, such as policies, risk management, incident response, training, technical controls, compliance, and overall security governance. Being able to affirmatively answer all these questions is a crucial step in operating an effective information security ecosystem. However, there is another question of equal importance: Can you provide evidence that you perform these actions when asked?
If the answer to any of the above is no, then we can offer assistance.
