Organizations have different risk profiles based on their operations, critical assets and the threat landscape. It is recommended to regularly review the maturity of your cyber security program to ensure it is appropriate for your risk profile and for the scope and scale of your business operations. Below is a brief cyber security checklist to self-assess your own program and evaluate whether any areas require attention.
Some things to consider when evaluating your own cyber program include:
- Do you have strong information security policies including a password policy, clean desk, acceptable use and access control procedures?
- Is your hiring, due-diligence and on-boarding process for new hires appropriate for the role and access of the new employee?
- Do you provide security awareness training at on-boarding, and regularly?
- Are all devices equipped with reliable antivirus software?
- Have you conducted a physical security review of your space to identify critical assets, consider the most likely and impactful threats to those assets and evaluate whether existing security is appropriate, and have you taken steps to mitigate identified vulnerabilities?
- Do you have a business continuity plan identifying incident response roles and responsibilities?
- Have you reviewed your insurance coverage to ensure it is appropriate for your risks, assets, and the cost of business disruption, including cyber insurance for the transfer of any residual risk above your risk tolerance?
- Do you have robust data backup policies and procedures?
- If working with vendors that have access to data, have you conducted a third-party risk assessment?
This list is provided for information purposes and should not be relied upon as a full assessment or for audit purposes.
Get in touch if you would like a maturity assessment to help improve your security posture and become a more resilient organization.