Greetings!

Ready to fortify your organization's defenses against cyber threats? Let's identify your current security posture and develop a tailored enhancement plan. Begin by completing our Cyber Security Maturity Assessment, covering four essential areas in just 10 minutes.

Here is what we’ll cover:
  • Data Protection
  • Access Control
  • Asset Protection
  • Monitoring, Response and Recovery

Hit "Begin" to start your evaluation.

Data Protection

Ensuring Data Confidentiality and Integrity

Data protection is foundational in cyber security as data is the primary asset that attackers target. Knowing where critical data resides and implementing stringent controls around its accessibility and handling are crucial to prevent unauthorized access and breaches. Encrypting all data, both at rest and in motion, ensures that even if a breach occurs, the compromised data remains unreadable to attackers. Key management also plays a vital role; securing encryption keys—and ensuring they are not stored on the same server where the encrypted data lies—helps maintain the integrity and confidentiality of data. Moreover, critical data should never be allowed on externally facing systems, minimizing the risk of exposure to potential threats.

Data Management Protocols

Do you have processes and technical controls to identify, classify, securely handle, retain, and dispose of data.

← Back

Encryption and Key Management

Do you have processes and technical controls to ensure critical data is encrypted with strong key management practices in place?

← Back

Data Movement Monitoring

How effective is your team at detecting unauthorized movement of data in your environment?

← Back

Database Security Maintenance

How effective are your processes for fully patching and securing all databases?

← Back

External Data Monitoring:

How effective are you at monitoring for critical data on externally facing systems?

← Back

Access Control

Gatekeeping Digital Resources

Access control is the cornerstone of effective cyber security, acting as the initial barrier against unauthorized access. It involves letting the right people in, keeping the wrong people out, and preventing the right people from becoming wrong through robust management of user permissions. Access should be precisely defined and limited to necessary personnel only, with clear rules governing such access. Techniques like Single Sign-On (SSO) and Multi-Factor Authentication (MFA) simplify the management of access controls and enhance security by reducing the complexity of access provisions and adding layers of verification, thereby helping to mitigate the risks associated with compromised credentials.

← Back

Credential Management

Do you have processes and tools to create, assign least privilege, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software?

← Back

Multi-Factor Authentication (MFA) Implementation

Do you have phishing resistant MFA enabled on all user accounts?

← Back

Privileged ID Security

Do you have a password vault to store privileged IDs?

← Back

BYOD Policy Compliance

Do you allow users to login with BYOD devices?

← Back

Login Permissions and Restrictions

Do you allow users to login with a local admin account?

← Back

Asset Protection

Securing Physical and Digital Assets

Asset protection starts with complete visibility and a thorough inventory of all assets. Organizations cannot safeguard what they are not aware of or do not fully understand. Regular patching of vulnerabilities and keeping software, especially browsers, up to date are critical practices that prevent attackers from exploiting known weaknesses. Installing robust endpoint protection and application allow-listing solutions ensures that only approved applications run on network devices, minimizing the risk of malicious software execution. Network segmentation is also crucial as it restricts the lateral movement of malware and unauthorized traffic within the network, thereby containing any breaches more effectively.

← Back

Asset Identification

Do you know what assets need protecting?

← Back

Endpoint Protection Deployment

Have you deployed endpoint protection on all assets to prevent ransomware and other malicious code?

← Back

Unauthorized Software Monitoring

Do you have processes and tools to monitor for installation of Unauthorized Software?

← Back

Email Security Measures

Do you have processes and technology in place to block links and embedded email attachments from Untrusted Sources?

← Back

Vulnerability Scanning Effectiveness

How effective is your team scanning regularly for vulnerabilities including default passwords and obsolete operating systems?

← Back

Monitoring, Response, and Recovery

Monitoring, Response, and Recovery

Monitoring, response, and recovery capabilities are essential to swiftly detect, understand, and mitigate cyber threats, aiming to meet the ambitious metrics of the 1-10-60 rule—detect within one minute, understand within ten minutes, and respond within sixty minutes. Automated alerting systems are vital for prompt threat detection and initiating timely responses. Effective response strategies focus on impact reduction to minimize damage. Continuous monitoring for unauthorized changes across all servers and network devices ensures that any deviations from established baselines are quickly noticed and addressed, often requiring activation of incident response plans if changes are irreconcilable. Additionally, ensuring robust backup systems are in place is crucial, not just for recovery from cyber incidents but also for restoring data in scenarios of accidental deletion or system failures.

← Back

Incident Response Capability

How competent is your teams response capability for a major incident?

← Back

Change Monitoring Proficiency

How proficient is your team at monitoring changes on your servers and network devices?

← Back

Alert Management

How effective is your logging and response to alerts?

← Back

Attack Monitoring and Reporting

Do you have processes and technical capabilities to monitor and report on the number of attempted and successful attacks in the past week?

← Back

Data Restoration Capabilities

Do you have the ability to restore all critical data and is this regularly tested?

← Back

You're All Set!

This wraps up the assessment. We’re crunching the numbers now—keep an eye on your inbox for an email with a link to your results page.

    Your Results

    Great We Will Send Your Results

    You should receive an email with 2-3 minutes with a link to your results