CYBER RISK SELF-ASSESSMENT CHECKLIST


You don’t prepare for a hurricane after it hits, right? Likewise, you shouldn’t start thinking about cyber-security threats only after you’ve been hacked.

While there is no way to completely eliminate cyber risk, there are steps every business – from the smallest Main Street shop to the largest international joint venture – can take to drastically reduce not only the likelihood of a breach, but also the overall impact should one occur. A few recent data breaches:

For more: C3 : Cyber-Crime, Cyber-Terrorism, Cyber-Warfare

Consider using this checklist to establish a basic understanding of the level of cyber risk your organization currently faces. It will also identify specific areas where improvements can be made, thus reducing that risk.

SECURITY POLICIES

- Does your organization maintain information security policies?

- Is there a mechanism for enforcing the information security policy?

- Does your organization maintain configuration management policies and track all software and hardware?

- Is sensitive data (HR, financial, intellectual capital, etc.) labeled as such?

- Is access to sensitive data controlled and logged?

INCIDENT RESPONSE

- Do you have an incident response plan?

- Has your incident response plan been tested?

- Have you identified an incident response team, a cyber-security firm, general counsel, and a crisis communication firm?

CONTINUITY OF OPERATIONS

- Have you systematically evaluated all of the potential sources of disruption to your business?

- Do you have an active program to reduce the likelihood of a disruption?

- If you could not re-enter the workplace because of an emergency, do you have a pre-determined location to meet?

- Do you maintain a list of employees, customers, and suppliers at an off-site location?

- If you lost a critical system, do you have a pre-determined plan to restore it?

- Is your business resumption plan securely stored in a remote location?

- Do you periodically test your business resumption plan along with your site emergency response plan?

BUSINESS PROCESSES

- Do you have proven anti-virus software loaded and active on your computers?

- Do you delete, without opening, emails from unknown sources?

- Do you back up data on a regular basis?

- Do you use strong, difficult-to-guess passwords?

- Do you use security hardware and software such as firewalls and intrusion detection/prevention systems?

- Are you maintaining configuration management through security policy implementation and systems hardening?

- Are you maintaining software patch management on all systems by following a regular schedule for updates?

- Do you subscribe to security mailing lists?

- Are you performing security testing through security audits and penetration testing/vulnerability scanning?

- Are you ensuring the physical security of systems and facilities?

- Do you ensure users have anti-virus software loaded and active on their systems?

- Are you maintaining operational management by reviewing all log files, verifying system backups with periodic data restores, and reporting any known issues or risks?

Source: sera-brynn.com

Other checklists:

1: https://www.utah.gov/beready/business/documents/BRUCyberSecurityChecklist.pdf
2: https://databreachinsurancequote.com/free-cyber-security-checklist/
3: http://www.edmondchamber.com/sites/edmondchamber2/uploads/images/blog/Edmond_Chamber_-_Cybersecurity_Risk_Lowering_Checklist.pdf
4: https://www.hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf
5: https://www.mdsny.com/…/The-NYDFS-Cyber-Security-Requirements-Checklist.pdf

For more: Tweet @D3pak
