A security assessment is a big deal. It takes a lot of time, it eats a good chunk of budget because it is done by independent consultants, and the outcome is at best "OK, but could be better."
For all these reasons, as well as some ego-driven ones that won't be mentioned here, many companies avoid hiring a security consultant and never do the assessment at all.
While the real thing takes time, some budget lobbying, and the guts to admit that you are not perfect, here instead is a very fast security self-assessment that will give you a rough idea of where you stand. You can do it on your own time, and no one needs to know the outcome.
Assessment Instructions
Answer each question truthfully with a yes or a no; if the honest answer is only partly yes, count it as a no. For each answer, add the number of points indicated on the question to your running total. When you have answered all the questions, sum the points and look up the assessment result for the interval your score falls in.
Assessment Questions
1. Do we have a firewall active at all ingress points of the network? Yes - 5 points, No - 0 points
2. Does our team control all firewalls? Yes - 5 points, No - 0 points
3. Do we have the following basic technical policies in place? Add 1 point for each policy in place
o password complexity
o password retention
o password history
o logon hours
o controlled registry editing
4. Does everyone in the organization have their own individual and unique username for all activities? Yes - 5 points, No - 0 points
5. Do we have logon/logoff auditing active on all servers and stations? Yes - 5 points, No - 0 points
6. Do we have a testing environment for patches, new versions and new software before they are rolled out into production? Yes - 5 points, No - 0 points
7. Do we have written procedures that turn each of the controls above into a defined process? Add 1 point for each procedure in place
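Questions 3 and 5 can be answered from a machine rather than from memory. The script below is an added example, not part of the original article: it reads the local security policy with `secedit` and the audit policy with `auditpol`, both built into Windows, and scores the password complexity, password retention and password history items of question 3 plus the logon/logoff auditing item of question 5 for the host it runs on. It assumes "password retention" means that passwords expire (a finite maximum password age), and it leaves out "logon hours" and "controlled registry editing" because those are per-user or Group Policy settings that a local export does not answer cleanly. Run it from an elevated PowerShell prompt on an English-language system (auditpol subcategory names are localized).

```powershell
# Added example (not from the original article): answer questions 3 and 5 of
# the self-assessment for the local Windows host using only built-in tools.
# Run from an elevated PowerShell prompt; secedit and auditpol need admin rights.
#
# Assumptions (mine, not the article's):
#   - "password retention" is read as "passwords expire", i.e. a finite
#     maximum password age (secedit reports -1 for "never expires");
#   - "logon hours" and "controlled registry editing" are per-user / GPO
#     settings and are left out of this local check.

$results = [ordered]@{}

# --- Question 3: password policy ---
# secedit's export of the local security policy is the only built-in place
# where PasswordComplexity is exposed (net accounts does not show it).
$cfg = Join-Path $env:TEMP 'secpol-check.inf'
secedit /export /cfg $cfg | Out-Null

$pol = @{}
Get-Content $cfg | ForEach-Object {
    # lines under [System Access] look like:  MaximumPasswordAge = 42
    if ($_ -match '^\s*(\w+)\s*=\s*(\S+)') { $pol[$Matches[1]] = $Matches[2] }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

$results['password complexity'] = ($pol['PasswordComplexity'] -eq '1')
$results['password retention']  = ([int]$pol['MaximumPasswordAge'] -gt 0)   # -1 = never expires
$results['password history']    = ([int]$pol['PasswordHistorySize'] -gt 0)

# --- Question 5: logon/logoff auditing on this machine ---
# auditpol /r emits CSV; both the Logon and Logoff subcategories must be set
# to something other than "No Auditing" for this to count as a yes.
$audit = auditpol /get /category:"Logon/Logoff" /r |
    Where-Object { $_ -ne '' } | ConvertFrom-Csv
$logonRows = @($audit | Where-Object { @('Logon', 'Logoff') -contains $_.Subcategory })
$results['logon/logoff auditing'] =
    ($logonRows.Count -eq 2) -and
    (@($logonRows | Where-Object { $_.'Inclusion Setting' -eq 'No Auditing' }).Count -eq 0)

# --- Tally the points these checks account for ---
$points = 0
foreach ($policy in 'password complexity', 'password retention', 'password history') {
    if ($results[$policy]) { $points += 1 }              # question 3: 1 point per policy
}
if ($results['logon/logoff auditing']) { $points += 5 }  # question 5: 5 points

foreach ($entry in $results.GetEnumerator()) {
    '{0,-24} {1}' -f $entry.Key, $(if ($entry.Value) { 'yes' } else { 'no' })
}
"Points from these checks: $points of 8 possible"
```

Question 5 asks about all servers and stations, so one host's result is not an answer. Run the same checks on every machine (for example through `Invoke-Command` against a list of hosts) and, in keeping with the instructions above, count the item as a no if any single host fails it.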