What % of your current employee workstations/laptops are running:
* Windows
* MacOS
* Linux
Do you use cloud-based email solutions from Google (Gmail) or Microsoft (Office 365)?
Do you use any additional email security solutions? If yes, please select: Mimecast, Proofpoint, Other (please specify)
Do you use next-generation, behaviour-based endpoint protection services (anti-virus) such as CrowdStrike, SentinelOne, or Other (please specify)?
Do you use cloud services for any of your workloads, such as AWS, Azure, GCP, or Other (please specify)?
If using cloud services, do you use any additional security solutions for Cloud Security Posture Management? If yes, please specify which.
If using cloud services, what % of the workloads are virtual machines/instances running:
* Windows Server OS
* Linux OS
* Other (Please specify)
Do you use an asset management solution?
Do you use a vulnerability management solution?
Does your vulnerability management cover all of your devices, including phones/tablets/etc.?
Do you apply any restrictions, and have a solution in place, for the use of USB devices and removable media?
Do you use Docker containers in your environment?
If yes, do you have an automatic Docker container scanning solution in place (Snyk Container, CrowdStrike Container Scanning, etc.)? If yes, please specify:
If you are developing your own applications, such as SaaS-based solutions, do you currently have any solutions in place for:
* Open Source Code Scanning (Static or dynamic)
* Open Source Licensing checks
* 1st-party code (your own code) scanning that is integrated with your IDE, Git repositories and CI/CD pipeline, and that prevents code from being submitted/merged if vulnerabilities are present?
Do you use SSO solutions from Okta or other vendors?
If yes, what type of MFA implementations do you have in place (OTP, authenticator app, SMS delivery, email delivery, FIDO)?
Do you use hardware (FIDO) keys for any of your services, e.g. for MFA? Please specify:
Do you have a system hardening process (CIS Benchmarks, etc.) for your workstations, mobile devices or cloud workloads?
Do you use the Top 20 CIS Controls and recommendations as part of your information security management system or security policies, or as a general consideration during risk assessment?
Do you use the OWASP Top 20 as part of your web application security framework?
Do you use any of the following risk assessment frameworks:
* CIS RAM (which conforms to and supplements established information security risk assessment standards and methods such as those below)
* ISO 27005
* NIST Special Publication 800-30
* Risk Information Technology (Risk IT)