Cyber Security Questionnaire

The following questionnaire is necessary to guarantee the accuracy of the time estimates as well as the thoroughness of the assessment. Please fill out as much of the information as possible.

Basic Information

Name:
Title:
Organization:
Telephone:
Cell phone:
Email address:
All machines:
• IP Addresses
• OS
• All machine names (DNS, WINS, Virtual Hosts, etc.)
Is your organization subject to any specific regulatory requirements? (Examples - PCI-DSS, ISO, COBIT, ITIL, etc.)

Audit Information

Would you like the Information Security Office to perform a network-based assessment? (2P)
How many Internet-facing hosts do you want the Information Security Office to assess?
Would you like the Information Security Office to perform a host-based assessment? Which hosts?
Would you like the Information Security Office to perform compliance, physical or enterprise assessment? If compliance, which regulations? (PCI-DSS, ISO, COBIT, ITIL, etc.)
Would you like the Information Security Office to perform an application security assessment? Which specific applications? (URL, Application name, Installer, etc.)
Would you like this tested with or without credentials?
Would you like this tested with or without administrative credentials?

Network Security Information

Has your organization ever been compromised (internally or externally)?
List all IP address blocks registered to your organization. (Example - 12.34.56.x/24)
List all the domain names registered to your organization. (Examples - acme.com; acmesales.com)
Does your organization use a local Firewall(s)? If so, please list quantity and manufacturer(s) of firewall(s).
Does your organization use a local Intrusion Detection System(s) (IDS)?
Does your organization use a local Intrusion Prevention System(s) (IPS)?
If your organization uses local IDS, do you use "host-based" IDS (HIDS) or "network-based" IDS (NIDS) or a combination of both?
List the quantity of IDS (both HIDS and NIDS) and IPS devices, as well as the manufacturer(s).
Do you use DMZ networks?
Does your organization have any dedicated connections to other organizations' networks (vendors, business partners)? If so, please list all dedicated connections to other networks.
Does your organization use any Remote Access services? Specifically, what type of remote access services does your organization use (VPN or Dial-Up RAS)?
How many employees use remote access services?
Does your organization use site-to-site Virtual Private Network (VPN) tunnels? If so, how many site-to-site VPN tunnels are in use?
Does your organization have any systems that use modems?

System Information

How many Microsoft Windows NT/2000/2003 servers does your organization use?
How many Unix servers (AIX, HP-UX, Linux, Solaris, etc.) does your organization use? Please list specific distributions.
List any servers with operating systems other than what is listed above. Please include quantities and list specific operating system versions.

Service Information

What services do you expose to the internet? (Examples: Web, Database, FTP, SSH, etc.)
What services do you expose to the campus?
What type of authentication do you use for your web services? (Examples: PubCookie, Windows Integrated, htaccess, etc.)
What languages do you use for your web services? (Examples: PHP, Perl, Ruby, ASP, etc.)
What antivirus application(s) do you use?
Is your antivirus application implemented using a "managed" client

Log Management

How many of your IT systems generate logs with relevant security-oriented data today?
What percentage of these logs are you actively collecting and monitoring today?
Is your process for collecting and storing all of those logs manual or automated?
Do you have a single place to correlate, report and real-time monitor across all of these relevant logs today?

Security Information & Event Management

Do you routinely manage, monitor and

Anomaly Detection

Do you have a unified collection and analysis technology and process for event, network, vulnerability, asset, and intelligence data?
Is this approach capable of contextual and in-depth analysis and correlation across these diverse data sets?
Is this process automated, and does it provide response and remediation capabilities?

Directory Management

How many definitive sources of identities does your infrastructure have today?
Have you standardized on a primary enterprise directory platform?
What percentage of those identity sources are actively synchronized to ensure currency?
When you are audited, how do you prove what identities are actively defined within your infrastructure?

Strong Authentication

How many userid

Privileged user account management

Do you have a concise understanding of all shared service accounts being used in your infrastructure?
Do you have a regular process to validate that all shared service accounts, and all users with access to them, are necessary?
Are you able to automatically manage the check-out and check-in of shared service account usage, so you're able to audit exactly who was using a shared account at any given point in time?

Encryption

Do you have self-encrypting storage?
Do you have a requirement for encrypting all data at rest?
Is your certificate management a manual or automated process?
Do you use encryption for data leakage protection?

Network Protection

How many successful intrusions have you had in the last year?
With your existing technologies, would you know if you had a successful attempt?
What technologies do you use that could detect such an attack and intrusion?
What are you doing to block attacks against Web applications?
Are you using your technology to passively detect or actively block attacks?
What technology do you use to mitigate SQL Injection attacks?

Email Protection

Does your organization offer end-users functionality to control the email coming into their inbox?
What is your process to recover a single email?
Is your organization concerned about loss of confidential or proprietary information over email?
Does your organization have filters in place to deal with unwanted email such as newsletters, inappropriate content such as pornographic emails or malicious content?
Does your organization offer end-users seamless end-to-end email encryption to anyone on the Internet?

Endpoint Management

Are you able to quickly identify all of your distributed endpoints (servers, desktops, laptops, smartphones and tablets, plus specialized equipment such as point-of-sale devices, ATMs and self-service kiosks) and check for rogue assets on the network?
Do you have real-time visibility of endpoint status and automated compliance reporting?
Does your solution provide a closed-loop integrated assessment and automated remediation for patch, configuration, vulnerability, anti-malware, and data loss prevention?
Does your solution continually assess the status of the endpoint and ensure the endpoint remains in compliance with organizational policies?