10 Security Assessment Questions
Security Assessment Questions
- To stop a breach tomorrow, what does the enterprise need to differently today?
- Does the enterprise know if the company has been breached? How does it know?
- What assets are being protecting, what are they being protected from (i.e., theft, destruction, compromise), and who are they being protected them from (i.e. cybercriminals or insiders)?
- What risks does the enterprise face if it is breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
- Does the enterprise’s IT security implementation match the enterprise’s business-centric security policies?
- Are formal written policies, technical controls or both in place? Are they being followed?
- What is the enterprise’s security strategy for IoT?
- What is the enterprise’s security strategy for BYOD and “anywhere, anytime, any device” mobility?
- Does the enterprise have an incident response plan in place?
- What is the enterprise’s remediation process? Can the enterprise recover lost data and prevent a similar attack from happening again?
Security Compliance – Comprehensive, Detailed and Customizable for Your Business
The Security Compliance Policy and Audit Program bundle provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in 220 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:
- Risk analysis – Threat and Vulnerability Assessment via Electronic Forms
- Staff member roles
- Physical security
- Electronic Communication (email / SmartPhones)
- Blogs and Personal Web Sites
- Facility design, construction and operations
- Media and documentation
- Data and software security
- Network security
- Internet and IT contingency planning
- Outsourced services
- Waiver procedures
- Incident reporting procedures
- Access control guidelines
- PCI DSS Audit Program as a separate document