Is there a process defined to create and maintain a catalogue of assets and their business criticality?
Do you have a cyber security strategy and appropriate policies in place to address digital initiatives?
Are roles and responsibilities defined for cyber security across your organisation?
Do you maintain a security integration tool to ensure that your organisation adheres to a risk-based approach for critical business processes and related infrastructure?
Is there an internal audit, risk management or compliance department with responsibility for identifying and tracking resolution of IT risk related issues?
Does your organisation have a process for monitoring access to security tools?
Does your organisation conduct security awareness training for employees, executives, and business partners?
Are there processes defined and appropriate set of tools in place to ensure data is encrypted across its lifecycle?
Are security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organisational entities), processes, and procedures are maintained and used to manage the protection of information systems and assets?
Is maintenance and repair of organisational assets performed and logged in a timely manner, with approved and controlled tools?
Do you have an enterprise-level security architecture defined and adhered across the organisation?
Do you maintain a matrix-based dashboard to monitor events continuously?
Do you maintain vendor management programme to determine organisational risks?
Are technical security solutions implemented to detect the security and resilience of systems and assets, consistent with related policies, procedures, and agreements?
Have you implemented technical controls and processes to detect security events?
Does your cyber security incident response cover all stages of an investigation?
Does your cyber security incident response process enable you to respond to all the incidents within timelines?
Do you analyse cyber security threats and associated vulnerabilities on a regular basis?
Do you have the right set of tools and technologies to mitigate the cyber security incidents?
Does your organisation analyse its past security incidents to improve response strategies and tactics?
Do you have a crisis management team to support serious cyber security incidents?
Do you identify, document and communicate the lessons learned from cyber security incidents?
Do you maintain a documented and proactive security breach response process?
Do you maintain a BCP/DR programme to resolve and recover from cyber security incidents?
Does your organisation have the ability to recover from data compromise and availability issues?
Can you count on your corporate security? Get the report to find out more.