Cyber Fitness Self-Test
 
Do you have an Information Security Officer with the necessary skillset, authority and time to dedicate to the implementation, management and monitoring of information security controls?
Yes Uncertain No
 
 
 

Do you have a comprehensive inventory of ALL systems (e.g., server, desktop, laptop, mobile device, networking device, printer, copy machine and any other device that connects to the Internet), both in and out of service?
Yes Uncertain No
 
 
 
Have you identified all relevant cyber threats that your organization is vulnerable to, and have you identified and documented existing controls that mitigate the threats to a reasonable residual risk?
Yes Uncertain No
 
 
 
Do you assess vendors that regularly access or store your data or perform IT support to ensure they have adequate security controls to protect your data?
Yes Uncertain No
 
 
 
Do all of your systems have the most recent operating system and application patches and updates?
Yes Uncertain No
 
 
 
Do all of your systems have updated anti-malware software and definition files?
Yes Uncertain No
 
 
 
Do you periodically train your employees on current threats and the importance of security controls in the workplace (e.g., phishing, email usage, safe web browsing)?
Yes Uncertain No
 
 
 
Do the mobile devices that access your organization’s resources require passcodes after a period of inactivity, use encryption and malware protection, receive regular updates, and have remote wipe and tracking ability?
Yes Uncertain No
 
 
 
Does your data reside solely on your servers or could data be stored on mobile devices, USB drives, unauthorized cloud services, laptops, personal computers, etc.?
Yes Uncertain No
 
 
 
Do you have appropriate password restrictions, invalid account lockout settings and multi-factor authentication on all critical applications?
Yes Uncertain No
 
 
 
Are your backups configured so that all critical data is backed up successfully each day?
Yes Uncertain No
 
 
 
Do you run monthly or quarterly vulnerability scans on your internal network and against your public-facing devices?
Yes Uncertain No
 
 
 
Does your incident response plan account for various types of incidents, forensics procedures, and notification of affected parties and law enforcement?
Yes Uncertain No