Cybersecurity Infrastructure Assessment

Non-Disclosure Agreement (NDA)

This Cybersecurity Assessment is conducted under strict confidentiality. By proceeding, CyberSec (the Consultant) and the Client agree that all technical data, network information, and vulnerability findings shared during this process will be treated as sensitive and proprietary. We will not disclose your infrastructure details to any third party. The data collected is used solely for generating your maturity score and strategic recommendations.

Question 1 of 15: What is your primary strategy for off-site data backups?
  - Cloud-based Immutable Backup
  - Encrypted External Storage
  - Local Server Mirroring
  - No Formal Off-site Backup

Question 2 of 15: Why do you consider your current network firewall sufficient?
  - Next-Gen Firewall with AI/ML
  - Regularly Updated Enterprise Firewall
  - Basic Router Firewall
  - None/Not Configured

Question 3 of 15: What measures are currently in place for endpoint protection?
  - EDR/XDR Managed Security
  - Enterprise Antivirus/Managed
  - Standard Antivirus (Unmanaged)
  - None/Windows Defender Only

Question 4 of 15: Why is employee security awareness training a priority?
  - Continuous Training & Phishing Sims
  - Annual Formal Training
  - Occasional Emails/Bulletins
  - No Training Provided

Question 5 of 15: What is your formal Incident Response Plan?
  - Full IRP + Annual Testing
  - Documented Plan (No Testing)
  - Basic Guidelines Only
  - No Plan in Place

Question 6 of 15: Why did you choose your specific cloud provider?
  - Top-Tier (AWS/Azure/GCP) + Hardening
  - Standard Cloud Hosting
  - Basic Shared Hosting
  - On-Premise (No Cloud)

Question 7 of 15: What is your mandatory password policy?
  - MFA Required + Complexity Policy
  - Complexity Only
  - Basic Min Length
  - No Enforced Policy

Question 8 of 15: Why is MFA essential for your business?
  - Mandatory Everywhere (No Exceptions)
  - Enforced for Admins Only
  - Optional for Staff
  - Not Used

Question 9 of 15: What encryption standard do you use for sensitive data?
  - AES-256 (At Rest & In Transit)
  - Standard SSL/TLS
  - Partial Encryption
  - No Encryption Used

Question 10 of 15: Why do you conduct regular vulnerability scans?
  - Automated Weekly/Continuous
  - Quarterly Tests
  - On-Demand Only
  - Never Conducted

Question 11 of 15: What is your procedure for vetting vendor security?
  - Strict Security Audit Required
  - Security Questionnaire Only
  - Check References Only
  - No Vetting Process

Question 12 of 15: Why do you monitor and retain network logs?
  - Centralized SIEM (1 Year+)
  - Local Log Storage (3 Months)
  - Manual Log Checking
  - Logs Disabled/Not Monitored

Question 13 of 15: What is your RTO in case of system failure?
  - Under 4 Hours
  - Within 24 Hours
  - 24-48 Hours
  - No Defined Timeframe

Question 14 of 15: Why do you enforce 'Least Privilege' access?
  - Strict Role-Based Access Control
  - Manual Permission Management
  - Basic User/Admin Splits
  - Everyone has Admin Rights

Question 15 of 15: What primary compliance standard do you follow?
  - ISO 27001 / GDPR / SAMA
  - Industry Specific (PCI-DSS)
  - Internal Security Policy
  - No Compliance Framework