Online cyber risk assessment

Question 1

Is Information Risk Management currently on your Board’s agenda? *

Yes
Yes but it is not high priority
We are thinking about it

Do you know what information you depend on and where it is? *

Yes we do
Yes we do but I suspect it may be out of date
We have carried out a data audit in the past but it needs to be done again
We are planning to have a data audit carried out

Previous Next

Question 3

Do you have a company wide Information Security Policy? *

Yes
One is being developed
We are thinking about it

Previous Next

Question 4

Do you carry out regular risk assessments? *

Yes
Yes we carry out risk assessment but they may not be regular
We have carried out a risk assessment in the past
We haven’t carried out any risk assessments yet

Previous Next

Question 5

Do you apply appropriate controls to protect personal information in accordance with current legislation? *

Yes we do
Yes we do but I could not swear that all of the controls are effective
We try to protect all of our personal information
We are planning to review our management of personal information

Previous Next

Question 6

Do you provide guidance to employees on information security? *

Yes
Yes but only key staff
We have a policy but it is not always carried out by managers
We don’t quite get around to it

Previous Next

Question 7

Have you implemented detection and prevention controls to protect against malicious software? *

Yes, we have
We have partial coverage but some areas are difficult to deal with
We have a malware policy for protecting our critical systems
We don’t really have a policy but the IT people do something

Previous Next

Question 8

Are all of your system changes managed within a formal change control process? *

Yes, we have
All of our critical changes are controlled but the overhead is too great for all changes to be covered
We haven’t got around to formalising our change control yet

Previous Next

Question 9

Do you keep audit logs for all security-relevant events? *

Yes, we do
We do log a number of security related events but not as many as we would like
We do audit but we don’t have enough space and the logs are overwritten quite quickly
We haven’t got around to sorting out our auditing system yet

Previous Next

Question 10

Does your network team carry out regular vulnerability testing? *

Yes, they do
We try to but there is a high turnover of staff
We have a policy of not checking on our staff

Previous Next

Question 11

Is redundant media and equipment with storage capability securely disposed of when no longer required *

Yes, it is
We try to but there are always things that slip through the net
We don’t have a central policy, parts of the business do their own thing
We like to let the staff have first refusal on all equipment and we trust them

Previous Next

Question 12

Does your business have a Contingency Planning process? *

Yes, we have
We have a process but I am not convinced of its effectiveness
We have some contingency but it is sporadic
We are always too busy to really get to grips with contingency

Previous Next

Get your Cyber Essentials Certification with support from the experts.

Discover where your main business risks lie with our free information risk assessment

Receive Ascentor’s Designing and Delivering a Cyber Security Programme White Paper

Online risk assessment

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Results

Ascentor

Get your Cyber Essentials Certification with support from the experts.

Discover where your main business risks lie with our free information risk assessment

Receive Ascentor’s Designing and Delivering a Cyber Security Programme White Paper

Online risk assessment

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Results

Contact us