Advancement through Cyber Resilience

Asset Management

Please select the statement that best describes the current practices towards assets associated with information and information processing facilities.
Please select the statement that best describes the current practices towards Media Management.

HR Security

Which statement better describes the current state of security in Human Resource practices?
Do you conduct frequent information security awareness training that includes organisational policies and basic security topics (phishing, physical security, etc.)?

Incident Response

Which statement better describes the current state of the Information Security Incident Response process?
In the event of a data breach, is there a Communication Strategy to notify the associated stakeholders (including impacted individuals) and regulatory bodies within an acceptable and compliant timeframe?

Network Security

Which statement better describes the security practices applied to the environment containing the sensitive data?
Please select the statement that best describes the current protection of Network Devices.
Do you have a solution for Email Security?
Do you allow BYOD or mobile devices accessing the information?
Please select the statement that best describes the organisation's approach towards BYOD and mobile devices.
Do you allow remote connections to the environment containing sensitive information?
Which statement better describes the security practices applied to remote connections?
Do you allow wireless access to the environment containing sensitive information?
Which statement better describes the security practices applied to wireless connections?
Which statement better describes the current state of Application Whitelisting?

Access Control

Which statement better describes the current Access Control process?
Do you perform multi-factor authentication to control external and/or privileged access to sensitive information?
Please select the statement that best describes the protection applied to privileged accounts.
Which statement better describes the current state of Password Management process and systems within the environment?
Do you frequently review the user accounts and their associated access rights?

Operations Security

Please select the statement that best describes the state of Operational Change Management process within the organisation. (Based on "Prosci Change Management Maturity Model")
Do you have formalised vulnerability and patch management processes and supporting technology solutions ensuring a comprehensive and periodic installation of security patches?
Do you have a formalised backup process and supporting technology solution ensuring adequate protection of data is in place?
Please select the statement that best describes the state of Log Management process within the organisation.
Please select the statement that best describes the Anti-malware program.
Please select the statement that best describes the current Security Testing program.
Please select the statement that best describes the involvement of Information Security in the Project Management process.

Data Security

Do you have a formalised process around your information assets ensuring such assets are identified, classified, labelled and protected based on their sensitivity, and retained/destroyed following the business requirements?
Do you encrypt sensitive data at-rest and in-transit by using the latest internationally acceptable cryptographic standards?
Which statement better describes the current practices around Data Loss Prevention (DLP)?
Which statement better describes the current state of Data Sovereignty?

Physical Security

Does the organisation have clearly defined security perimeters to protect areas that contain or provide access to sensitive information and information processing facilities?
Do you monitor and protect the secure areas that contain or provide access to sensitive information with appropriate access controls and surveillance systems?
Do you have physical controls to protect against natural disasters, malicious attacks or accidents?
Please select the statement that best describes the current practices towards protecting equipment containing or interacting with information.

Security Governance

Which statement better describes the current state of the Organisation of Information Security?
What is the current practice towards Information Security Risk Management?
Do you have an overarching Information Security Policy?
Which statement better describes the current state of Information Security policies, standards and procedures within the organisation?
Which statement better describes the current state of Information Security Audit within the organisation?
Which statement better describes the current state of Business Continuity Management System (BCMS)?
Do you have a due diligence program to fulfil the requirements of applicable privacy laws?
Do you have a Supplier Security Program?
Please select the statement that best describes the current compliance practices associated with information and information processing facilities.
Which statement better describes the current status of Cyber threat intelligence?

Application Security

Do you have any internally developed business systems?
Which statement better describes the current state of Security in Software Development Life Cycle (S-SDLC)?
Which statement better describes the current state of protection applied to software assets?
Do you have externally exposed and mission critical application services?
Which statement better describes the current practices applied to secure the application services?
