Cybersecurity Maturity Assessment

In the event of a breach right now, are there documented procedures that clearly define every employee's role?

How does the organization ensure that departing employees effectively lose all access to all systems?

Can sensitive company data be moved to unauthorized devices (via USB or private cloud) without alerting management?

When a suspicious email is received, is there a technical mechanism for immediate reporting and analysis?

What is the maximum downtime the organization can tolerate before critical services must be fully restored?

How do you ensure that the software used does not contain forgotten vulnerabilities from previous years?

Are Technical Vendors required to adhere to the same security standards that your organization applies?

If a senior leader's laptop is lost, is the data inside guaranteed to be unreadable by unauthorized parties?

How are unusual activities (e.g., late-night logins) monitored on the organization’s critical systems?

Are copies of vital data stored outside the main headquarters to ensure survival in case of a physical disaster?

Do systems that handle customer data undergo an independent security assessment before they are launched?

How capable is the organization of proving its ongoing compliance with regulators and auditors?

Are the powers of 'System Administrators' controlled to prevent potential misuse of authority?

How is old data that the organization no longer needs handled or disposed of?

Does senior management have a dashboard or report that shows the current level of cyber risks?