Security Capability Assessment

Risk Assessment/Management
Does your organization:

  • Regularly perform vulnerability assessments?
  • Act on the results of a vulnerability assessment in a timely manner?
  • Identify critical information assets?
  • Identify the threats to critical information assets?
  • Determine the financial and other impacts of a successful attack on critical information assets?
  • Evaluate and manage your information security risks on an ongoing basis? In other words, are risks to critical information assets managed in a similar fashion to other key business risks?

Management/Policy
Does your organization:

  • Have a security policy (both IT and physical) established by senior managers?
  • Link your security policies to specific business objectives and specific risk areas?
  • Inform all managers at all levels of their responsibilities regarding security, including policy enforcement?
  • Include security as a regular agenda topic at management and staff meetings?
  • Ensure that all users receive training in your organization’s security policy, as well as penalties and consequences for non-compliance, prior to receiving an account on any system?
  • Periodically conduct an independent audit of organizational compliance with security policies?

System and Network Management
Does your organization:

  • Assign, manage, and update user identities and access permissions?
  • Control system and network changes, and manage system and network configuration, including selecting, testing, and applying high priority patches?
  • Regularly scan for viruses/worms/Trojan horses/denial-of-service agents on servers, desktop systems, laptop systems, and mobile devices?
  • Monitor for, detect, report, and act on suspicious files/behaviors/events, including user reports?
  • Actively work to contain the damage caused by a virus/worm/Trojan horse?
  • Recover/restore files, systems, and networks compromised in an attack in a timely manner?

Corporate Security
Does your organization:

  • Require identification and authentication for accessing your work facilities/buildings?
  • Have business continuity and disaster recovery plans in place?
  • Provide training to employees on identifying suspicious packages, behaviors, persons and events, and alerting security personnel?
  • Require human resources to conduct background checks on all new hires?

Source:
CSO Magazine and CERT Security Capability Assessment Tool
