Do you run vulnerability scans on a periodic basis?
Do you patch your systems on a prioritize basis?
Do you use Multi-factor Authentication?
Do you use secure configuration management?
Do you have endpoint security controls for all your devices?
Do you run regular automated backups?
Do you train your workforce on identifying social engineering attacks?
Do you maintain an information asset inventory?
Do you restrict access to your systems and data based on the principle of least privilege (business need to know)?
Does your organization have a ransomware playbook (a concrete plan including specific steps to respond and recover in the event of an attack)? *
Which best describes your current infrastructure? *
Which of the following technologies are included in your security stack? [Select as many as apply] *