
Information Security and Data Protection Self-Assessment Risk Rating

Once completed, this quiz will give you an indicative snapshot of your overall Information Security and Data Protection risk profile. It is not suitable for, nor intended for use as, a comprehensive assessment of your organisation’s adherence and compliance to industry-recognised information / cyber security and data protection best-practice principles. That can only be achieved by undertaking in-depth Threat & Risk and/or Gap Analysis Assessments.

If, after investigating, you are unable to answer a question, record it as a ‘no’.

Questions answered ‘yes’ should be allocated the indicated weighted score number.

Does your organisation deliver Information Security Awareness training, annually, to all staff?
Does your organisation have a password policy in place that is enforced?
Does your organisation have a baseline level of Anti-Virus protection enabled through your whole IT estate?
Does your organisation have appropriate firewall(s) in place?
Does your organisation ensure that security fixes and patches are always applied as quickly as possible across the entire IT estate?
Does your organisation have a security focused BYOD (Bring Your Own Device) policy in place?
Does your organisation have defined and enforced User Access Controls in place (e.g. User vs Administrator)?
Does your organisation have a policy for secure provision of network access for employees working outside of office locations?
Does your organisation carry out quarterly vulnerability scans on corporate websites and networks?
Does your organisation conduct annual penetration testing on corporate websites and networks?
Does your organisation have an employee with designated Information Security Officer / Manager responsibilities?
Does your organisation have an information security incident reporting and response procedure?
Does your organisation have policies ensuring third-party compliance with data protection and information security best practice?
Does your organisation have a policy in place to ensure that it is making best efforts to adhere to its obligations under Data Protection Act 2018 (GDPR)?
Does your organisation undertake annual data protection awareness training for all employees?