Cybersecurity Assessment Questionnaire

Welcome to KBE’s Cybersecurity Assessment. This comprehensive tool covers all aspects and key questions to assess your organization’s current cyber security position.

Protect Your Organization

As the threats to IT security continue to evolve, you need a sophisticated information assessment to understand if your organization is exposed to cyber-attacks and how you can stop them. By regularly performing a comprehensive IT security assessment, you can gain the insight you need to put the right strategies, technologies, policies, and procedures in place to ensure optimal protection.

IDENTIFY, PROTECT, DEFENSE, RECOVER

1. Who manages your IT Environment?
2. Who has access to your computer hardware?
3. Do you have a listing of all user accounts?
4. Do any of your users have admin access?
5. Do you have an inventory of devices such as printers, computers, and scanners for your business?
6. Is your physical office locked when vacant?
8. Type of Workstation OS
9. How long before your computer screen is set to lock when you're away from your computer?
10. Are any user credentials shared?
11. Does your company have information security policies and procedures?
12. Does your organization have an internal process for assessing risk?
13. Server Infrastructure
14. Cloud Provider (If applicable)
19. Assets Warranty: Are they still covered/supported?
22. Do you limit access to data for your employees?
23. After termination, do you disable accounts?
24. Do you allow the use of USB ports?
25. Do you provide surge protection to your computer systems?
26. Do you keep up with the latest Critical Updates and Microsoft Windows updates?
27. How are the updates completed?
28. Are all your software applications still supported by the manufacturer?
29. Are you using a firewall between your internal network and the internet?
30. Who configures and manages your firewall? (choose all that apply)
31. Have you changed the default password for your firewall?
32. Is your firewall set to log activity?
33. How often are the firewall logs reviewed?
34. Do you have a threat detection product in place today?
37. Do you encrypt data on all devices?
38. How are you handling threat information today? (choose all that apply)
39. Are you monitoring your IT environment for anomalous events?
40. What other types of activity is your security monitoring looking for? (choose all that apply)
41. Do you perform vulnerability scanning in your environment?
42. Do you have incident response processes and procedures in place which are being maintained on a regular basis?
43. Are you planning on developing incident response processes and procedures?
44. Which of these activities do you perform to improve organizational response activities? (Choose all that apply)
45. Do you have a Managed Threat Response (MTR) team or subscription?
46. Are recovery processes and procedures documented and reviewed?
47. Do you have a Backup/Recovery Solution?
48. What Backup Solution do you have?
49. How often do you test your backups?
50. Do you have a documented Disaster Recovery Strategy?
52. Do employees work remotely?
Full Name
Preferred Method of Contact