Do you use Multi-factor Authentication (MFA) for all system logins?
Do all of your system logins use a single sign-on (SSO) provider?
Are your User Onboarding Policies integrated with both IT and HR?
Are your User Offboarding Policies integrated with both IT and HR?
Are you auditing User and Service Accounts on a scheduled basis?
Are all Workstations and Servers (Physical and Virtual) running a NextGen Endpoint Protection system?
Are NextGen Endpoint Protection Agents updated automatically?
Do you have a BYOD management system?
Do you use an Asset Management System to track all IT Hardware (Workstations, Servers, etc.)?
Do you use a master image when deploying new workstations?
Do you have Out of Band Patch Management for all Workstations and Servers?
Do you have written change management procedures?
Do you monitor and issue alerts for Unauthorized Logins on all systems?
Do you have a 3rd Party perform a system "Pen Test" at least once per year?
Do you have a 24/7 Alerting system?
Are all your servers, workstations and firewalls collecting and reporting logging information?
Are you running a Content Aware Firewall that supports intruder protection / intruder detection?
Do you perform Email Phishing Tests at least once every six months?
Do you have Annual CyberSecurity Web Training for your users?
Are New Hires Required to go through Training for your company's CyberSecurity Policies?
Do you have a process for users to report email Phishing issues?