Online cyber risk assessment

Question 1

Is Information Risk Management currently on your Board’s agenda? *

Yes
Yes but it is not high priority
We are thinking about it

Do you know what information you depend on and where it is? *

Yes we do
Yes we do but I suspect it may be out of date
We have carried out a data audit in the past but it needs to be done again
We are planning to have a data audit carried out

Previous Next

Question 3

Do you have a company wide Information Security Policy? *

Yes
One is being developed
We are thinking about it

Previous Next

Question 4

Do you carry out regular risk assessments? *

Yes
Yes we carry out risk assessment but they may not be regular
We have carried out a risk assessment in the past
We haven’t carried out any risk assessments yet

Previous Next

Question 5

Do you apply appropriate controls to protect personal information in accordance with current legislation? *

Yes we do
Yes we do but I could not swear that all of the controls are effective
We try to protect all of our personal information
We are planning to review our management of personal information

Previous Next

Question 6

Do you provide guidance to employees on information security? *

Yes
Yes but only key staff
We have a policy but it is not always carried out by managers
We don’t quite get around to it

Previous Next

Question 7

Have you implemented detection and prevention controls to protect against malicious software? *

Yes, we have
We have partial coverage but some areas are difficult to deal with
We have a malware policy for protecting our critical systems
We don’t really have a policy but the IT people do something

Previous Next

Question 8

Are all of your system changes managed within a formal change control process? *

Yes, we have
All of our critical changes are controlled but the overhead is too great for all changes to be covered
We haven’t got around to formalising our change control yet

Previous Next

Question 9

Do you keep audit logs for all security-relevant events? *

Yes, we do
We do log a number of security related events but not as many as we would like
We do audit but we don’t have enough space and the logs are overwritten quite quickly
We haven’t got around to sorting out our auditing system yet

Previous Next

Question 10

Does your network team carry out regular vulnerability testing? *

Yes, they do
We try to but there is a high turnover of staff
We have a policy of not checking on our staff

Previous Next

Question 11

Is redundant media and equipment with storage capability securely disposed of when no longer required *

Yes, it is
We try to but there are always things that slip through the net
We don’t have a central policy, parts of the business do their own thing
We like to let the staff have first refusal on all equipment and we trust them

Previous Next

Question 12

Does your business have a Contingency Planning process? *

Yes, we have
We have a process but I am not convinced of its effectiveness
We have some contingency but it is sporadic
We are always too busy to really get to grips with contingency

Previous Next

Cookie	Type	Duration	Description
nf_wp_session	session	1 hour	Enables to website forms to function as intended
viewed_cookie_policy	session	1 hour	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
__stid	persistent	1 year	The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc.
_ga	session	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat	session	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
_gid	session	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
gwcc	session	2 months	This cookie allows Google to track any call conversions on mobile devices. For example if a customer is clicking a phone number on the contact us page to dial from their mobile device

Cookie	Type	Duration	Description
_otpe	session	30 minutes	Opentracker tracking – this cookie is used to store the previous event before landing on the current page
_ots	session	30 minutes	Opentracker tracking – this cookie is used to determine new sessions/visits
_otui	persistent	4 years	Opentracker tracking – this cookie is used to distinguish users and sessions.

Get your Cyber Essentials Certification with support from the experts.

Discover where your main business risks lie with our free information risk assessment

Receive Ascentor’s Designing and Delivering a Cyber Security Programme White Paper

Online risk assessment

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Results

Ascentor

Get your Cyber Essentials Certification with support from the experts.

Discover where your main business risks lie with our free information risk assessment

Receive Ascentor’s Designing and Delivering a Cyber Security Programme White Paper

Online risk assessment

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Results

Contact us

We value your privacy