BASIC INFO
Basic customer intake information

1. What industry best describes your organization? *
- Banking
- Biotechnology
- Communications
- Construction
- Consulting
- Education
- Engineering
- Entertainment
- Finance
- Government
- Healthcare
- Hospitality
- Legal
- Manufacturing
- Not for Profit
- Retail
- Technology
- Transportation

ORGANIZATION INFO
Details on the organization

2. Is your IT function internal or outsourced? *
- Outsourced
- In-House
- Combination Outsourced / In-House
- No IT function in place

3. What type of sensitive data does your firm handle, store, or have access to? (Check all that apply, including employee data as well as client data) *
- Personal data (such as name, company, address, phone, e-mail, birthday, etc.)
- Social security numbers
- Employment data (social security numbers, bank accounts, date of birth, salary information, etc.)
- Driver’s license numbers
- Credit card numbers
- Banking and/or investment data
- Health care information (health insurance, health conditions)
- Medical records or medical history
- Intellectual property
- Unsure

4. Do you allow any of the above information to be e-mailed? *
- Yes
- No
- Unsure

5. Do you allow any of the above information to be stored or transmitted in a cloud file-sharing application such as Dropbox, Google Drive, etc.? *
- Yes
- No
- Unsure

6. Do you have crime insurance? *
- Yes
- No
- Unsure

7. Do you have privacy screens on computer monitors in publicly viewable areas, such as your reception desk? *
- Yes
- No
- Unsure

8. Do you have a “clean desk” policy stating that employees should not leave sensitive documents lying on their desk when the desk is not monitored? *
- Yes
- No
- Unsure

9. Do you have video surveillance in place at your facility? *
- Yes, interior only
- Yes, exterior only
- Yes, interior and exterior
- No
- Unsure

10. Do you provide cyber security awareness training to your staff? *
- Yes
- No
- Unsure

11. What IT policies do you have in place and documented? (Check all that apply) *
- Acceptable Use Policy
- Password Policy
- Data Confidentiality Policy
- Mobile Device Policy
- Bring Your Own Device (BYOD) Policy
- Incident Response Policy
- Backup and Disaster Recovery Plan
- Business Continuity Plan
- Remote Access Policy
- IT Asset Disposal Policy
- Security Awareness Policy
- 3rd-Party Access Policy
- Removable Media Policy (USB Drives/Sticks)
- User Termination Policy
- I don’t know if we have any of these

12. Do you require that employees sign off that they have read and understand these policies? *
- Yes
- No
- Unsure

13. Does anyone audit and verify that employees are following the above policies? *
- Yes
- No
- Unsure

14. Where do you store your list of credentials for your employees? *

15. Do you have up-to-date documentation of your network to know exactly what devices, users, software, or other IT assets you have? *
- Yes, and I am confident that it is current
- Yes, but I am NOT confident that it is current
- No
- Unsure

16. Are there any specific concerns you have regarding cyber security?

IT INFORMATION
Specifics regarding the client network and devices

17. Do you have an Active Directory server on your network? *
- Yes
- No
- Unsure

18. How many PCs (Windows or Linux Workstations) are on the network? *
- None
- 1-10
- 11-50
- 51-99
- 100+
- Unsure

19. How many Macs are on the network? *
- None
- 1-10
- 11-50
- 51-99
- 100+
- Unsure

20. How many Mobile Devices are on the network? (tablets, smartphones, etc.) *
- None
- 1-10
- 11-50
- 51-99
- 100+
- Unsure

21. Are all company-assigned mobile devices encrypted and password-protected? *
- Yes
- No
- Not Applicable
- Unsure

22. How many printers, scanners, or plotters are on the network? *
- None
- 1-10
- 11-50
- 51-99
- 100+
- Unsure

23. How many Internet of Things (IoT) devices (light bulbs, smart switches, etc.) are on the network? *
- None
- 1-10
- 11-50
- 51-99
- 100+
- Unsure

24. Is authorization required before an employee may load software onto their computer? *
- Yes
- No
- Depends on employee role
- Unsure

25. How often is data backed up? *
- Never
- Daily
- Weekly
- Monthly
- Quarterly
- Yearly
- Unsure

26. Are backups automatically sent offsite? *
- Yes
- No
- Unsure

27. Are backups stored on encrypted media? *
- Yes
- No
- Unsure

28. Do you periodically perform test restores of data backups? *
- Yes
- No
- Unsure

28-2. How often are the test restores of data backups performed? *
- Weekly
- Monthly
- Quarterly
- Yearly
- Unsure

29. Do you perform external vulnerability assessments? *
- Yes
- No
- Unsure

29-2. How often are the external vulnerability assessments performed? *
- Weekly
- Monthly
- Quarterly
- Yearly
- Unsure

30. Do you perform internal vulnerability assessments? *
- Yes
- No
- Unsure

30-2. How often are the internal vulnerability assessments performed? *
- Weekly
- Monthly
- Quarterly
- Yearly
- Unsure

31. Is the server room/closet locked? *
- Yes
- No
- We do not have a server room/closet

32. Is the use of shared credentials allowed for any systems? *
- Yes
- No
- Unsure

33. Do you have spam filtering in place? *
- Yes
- No
- Unsure

33-2. What is the name of the spam filtering service in place? *

34. Do you have an antivirus service in place? *
- Yes
- No
- Unsure

34-2. What is the name of the antivirus service in place? *

35. Do you have a host protection service in place? *
- Yes
- No
- Unsure

35-2. What is the name of the host protection service in place? *

36. Do you have a firewall in place? *
- Yes
- No
- Unsure

36-2. What is the name of the firewall device in place? *

37. Do you have an IDS/IPS or Windows Application Firewall in place? *
- Yes
- No
- Unsure

37-2. What is the name of the IDS/IPS or Windows Application Firewall in place? *

38. Is there a guest network in place for visitors to your site? *
- Yes, WiFi only
- Yes, ethernet cable only
- Yes, both WiFi and ethernet cable
- No
- Unsure

39. Do you allow visitors to your office to connect to your primary office WiFi network (not a guest WiFi)? *
- Yes
- No
- Unsure

40. Do you limit the amount of time a guest can be connected to a wireless network? *
- Yes
- No
- Not Applicable
- Unsure

Please include any additional information with regard to the Cyber Security of your organization that we should consider for this Cybersecurity Assessment: