Cyber Security Self Assessment Step 1 of 2 50% Date of Report Name* First Last PhoneEmail* Company Name* Website Staff Maturity Our staff is aware of their accountability for protecting the organization's data. We do not define staff accountability for protecting the organization's data. Staff Training We offer cyber awareness training to our staff. We don't have cyber awareness training to our staff. Role-based Reesponsibility Roles are assigned to staff based on their need to access data. We do not have explicit roles defined for staff use of technology. Usage Policy We have written policies outlining what staff can and cannot do with the Organizations equipment. We tell our staff what they can and cannot do with the Organizations equipment. We don't have any specific policies for staff usage of our organization's equipment. Business Emergency Planning We have a plan for emergency situations? e.g. Who takes over what roles. We have one person responsible for all emergency responses. We have not created an emergency plan. Cyber Security Incident Response Planning We have an incident response plan. e.g. what do you do with the systems, who gets notified,... We have no plan Types of Data We have identified what kinds of data we own. We don't think we have any sensitive data. We are not sure what kind of data we have. Data may be Corporate Sensitive files holding financial or Intellectual property. It may also hold employee or client Personally Identifiable Information (PII), Personal Health Information (PHI), or Credit card information (PCI). Data Storage We have identified where sensitive or vital data is stored and how it is handled in the business. Our data is in a central locaion where everyone can access it. Everyone is responsible for storing their own files. We have not done a formal analysis but our data is NOT accessible by those who do not need to use it. Technology Area Our Network equipment and any computers that are not used at a personal workspace is in a data or other locked room. Our Network equipment and any computers that are not used at a personal workspace is stacked on a shelf Work Area Access to our business work area is controlled. We have an open access work area Workspace Privacy Display screens are NOT visible to visitors. Staff chooses the most convenient arrangement for their workspace. Computer Protection We have a business-class malware protection solution for all our computers. We added a 3rd-party anti-virus software package. We have the anti-virus software that came with the computers. We use a freeware anti-virus solution We just use the computers for email and browsing, so we don't need anti-virus software Software Updates All computers are updated on a regular basis. We update when we see a problem. We try to stay on the same version to reduce disruption causes by changes in the software. Mobile Device Management We use a MDM solution for all BYOD and organization's smartphones, tablets and laptops We use a MDM solution for all the organization's smartphones, tablets and laptops Our staff is responsible for managing their own devices. Backup Frequency We follow a schedule backing up oue data. Our data is continuously backed up by a cloud service. We backup our data at the end of the day/week. Backup Location We backup our data both locally and in the cloud. All our files are in the cloud. We backup all our data to the cloud. We keep copies of the local backups on a removable device. A single backup device is sufficient. We don't backup our data. Network Firewall Our firewall is configured specifically for our usage requirments. Our fiewall is set to the factory defaults We do't have a firewall. Advanced Nework Protection We have Intrusion Detection and Prevention services. We do NOT have Intrusion Detection and Prevention services. An IDS looks for patterns that might be a threat. AN IPS will attempt to contain actions that are not normal for your network.Remote Network Access We have a VPN for external access t our internal network. We do not allow external access to our network. We use Network Address Translation (NAT) to access network devices from outside the network. Cloud Reliability We have a record of all our SLAs The SaaS provider will protect our data We don't have any SLAs Service Level Agreements (SLAs) define the relationship between your organization and your Software as a Service (SaaS) providers. Access Channels We access our services via secure channels. We access our services via open channels. Access to services can be over open channels (e.g. http, ftp, telnet) or secure channels (e.g. https, sftp, ssh)Authentication Credentials We use 2 factor authentication were possible. a.k.a. Multi-factor Authentication We use username and Password We share the same accounts and cerdentials Website and Web Application Server Security We have security software protecting our website and/or application server. Our website is hosted, so we son't need to worry about it. Website and Web Application Server Software Our web and/or application server software regular updated. Our website is hosted, so we son't need to worry about it. Website and Web Application Server Backups We have backups of our website and/or application content. Our website is hosted, so we son't need to worry about it. Your Custom Cybersecurity AssessmentDate of Report Total Assessment ScoreYour total assessment score is an indicator of your Cyber Security readiness. Look below for individual section scores. Urgent Actions NeededPlease submit this form so that we can discuss a remediation plan with you.You will receive a pdf report of this survey when you submit this form Improvements Needed Please submit this form so that we can discuss a remediation plan with you.You will receive a pdf report of this survey when you submit this formYou are doing OK. Please continue look for areas where you can improve. We are here to help.You will receive a pdf report of this survey when you submit this formRisk Area ScoresStaff ScorePolicies ScoreData Risk ScorePhysical Environment ScoreComputing Devices ScoreData Integrity ScoreNetwork ScoreCloud Service ScoreExternal Systems ScoreYou are doing OK. Please continue look for areas where you can improve. We are here to help.You will receive a pdf report of this survey when you submit this form Improvements Needed Please submit this form so that we can discuss a remediation plan with you.You will receive a pdf report of this survey when you submit this form Urgent Actions NeededPlease submit this form so that we can discuss a remediation plan with you.You will receive a pdf report of this survey when you submit this form
