10 Question Security Assessment Process

10 Question Security Assessment Process for CIOs and CSOs

10 Question Security Assessment
Everything that needs to be done in order to improve the security and compliance of the enterprise

10 Question Security Assessment Process is a way for CIOs and CSOs to quickly identify risks that they need to address.

  1. What does the enterprise need to differently today in order to stop a breach tomorrow?
  2. Does the enterprise know if the company has been breached? How does it know?
  3. What assets are protecting, what are they being protected from (i.e., theft, destruction, compromise), and who are they being protected them from (i.e. cybercriminals or insiders)?
  4. What risks does the enterprise face if it is breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
  5. Does the enterprise’s IT security implementation match the enterprise’s business-centric security policies?
  6. Are formal written policies, technical controls or both in place? Are they being followed?
  7. What is the enterprise’s security strategy for IoT?
  8. What is the enterprise’s security strategy for BYOD and “anywhere, anytime, any device” mobility?
  9. Does the enterprise have an incident response plan in place?
  10. What is the enterprise’s remediation process? Can the enterprise recover lost data and prevent a similar attack from happening again?

Supports Meaningful Use Compliant Stage Implementation – Meets HIPAA Ransomware Guidelines — Comes in eReader, MS Word, and PDF formats. Includes 24 Electronic Forms that are ready to use and User Bill of Rights for Sensitive Data and Privacy

Order Security Policies and ProceduresDownload TOC security policies

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business, been a guest lecturer at the UCLA’s Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.