Vulnerability Assessment Questionnaire
Do you have a security plan in place? Who has access to it?
Does your organization have a resource dedicated to enforcing and maintaining security policies, such as a Chief Information Security Officer (CISO)?
Does your company have a bring-your-own-device (BYOD) policy?
Do you have a password policy for all company-issued devices? What about two-factor authentication?
Do you have account management and access controls in place?
Do you give employees and contractors only enough access to do their jobs (i.e., least privilege necessary, “need to know”, etc.)?
Does your organization have session controls in place?
What security products do you already have (e.g., firewall, intrusion detection, encryption)?
How often do you review your audit logs?
Do you have antivirus protection? How often do you update it?
Do you perform regular backups? All data or only business critical? How often do you test your backups?
Have you applied all applicable security patches?
What are your policies for data segregation and encryption?
What method do you use to dispose of sensitive data, or equipment that may have had sensitive data on it?
Where are your servers located? What access controls do they have?
Are your employees and contractors trained in security best practices?
What protections are in place to guard against data theft?
What is the protocol if your organization is targeted in a cyber attack?
Are you compliant with laws regarding our customers’ information?
Do you have a disaster recovery strategy in place?