
Quick maturity assessment

The only Cybersecurity self-test you will ever need to take!

Our CISO and CIO executives are among the best in the business. They have built, secured, and managed some of the largest technology systems in the world. With their combined experience, they have distilled the core fundamentals of security into 4 categories that intuitively capture key benchmarks of security frameworks without the burden or cost of full-blown NIST800 or CMMC assessments. In a fraction of the time, this self-test gives you valuable information for determining whether your environment has achieved a base level of security.

Are your User Offboarding Policies written and distributed to a) Service Desk/IT Admin and b) HR?
Do all of your system logins use a single sign-on (SSO) provider?
Do you use Multi-factor Authentication (MFA) for all system logins?

Identity Management

Asset Management

Cybersecurity Visibility

Cybersecurity Training

Is there a written process for auditing the User and Service Accounts on a scheduled basis?
Are all workstations and servers (physical and virtual) running a NextGen EndPoint Protection system?
Are NextGen EndPoint Protection Agents updated automatically?
Do you have a BYOD management system?
Do you use an asset management system to track all IT hardware (workstations, servers, etc.)?
Do you use a master image when deploying new workstations?
Do you have an Out of Band Patch Management system in place for all workstations and servers? 
Do you have a written change management procedure?
Are new systems or software reviewed by an IT Security Professional to ensure all assets are logged to an Asset Database?
Do you monitor and issue alerts for unauthorized logins on all systems?
Do you have a 3rd party perform a system "Pen Test" at least once per year?
Do you have a SIEM or 24/7 alerting system?
Are all your servers, workstations, and firewalls collecting and reporting logging information?
Are you running an NGFW that supports intruder protection and intruder detection?
Do you perform email phishing tests at least once every six months?
Do you have annual Cybersecurity Web Training for your users?
Is it mandatory for new employees to receive training on your company's Cybersecurity policies? 
Do you have a process for users to report email phishing issues?
Are your User Onboarding Policies written and distributed to a) Service Desk/IT Admin and b) HR?


Company Profile

How many total employees?

How many total offices?

How many total countries?

What are the major departments in the organization (e.g. sales, marketing, finance, accounting etc.)?

Do you currently carry a Cybersecurity Insurance policy?

Does your company have any internally developed software?

Is your accounting system cloud based or on premise?

Is your human resources management system cloud based or on premise?

Is your client/customer management system cloud based or on premise?

Do you have a current network diagram?

Does your company have a written Data Retention Policy?

Does your company have a written "Bring Your Own Device" (BYOD) policy?

Does your company have a Data Classification Policy?

What systems at a high level are exposed to the internet?

What are your most valuable company assets that require protection, and where are they?

PCI Compliance - Does your business handle or store credit card information?

SOX Compliance - Is your company publicly traded?

Which statement describes the potential for impact from a major security event:

If yes, what is the coverage amount? 

Does your company also have an internal software development team?

Does your company have any regulatory or compliance requirements?

Which one(s)?

Others:
