Do you have an anti-malware software installed, regularly updated and runs regular scans on all your systems?
Do you have security configuration baselines for components of your infrastructure(e.g. Servers, Workstations, Endpoints, databases, routers, etc.)?
Do you continuously monitor and fix deviations from security configurations and vulnerability scans?
Do you have anti-malware software installed, regularly updated and runs regular scans on all your systems?
Are backups of scoped data encrypted with a strong cipher algorithm?
Do you log and monitor any access or event to scope data/service?
Are log information, audit trails and administrator logs adequately protected by security controls to prevent tampering?
Are file integrity (host) and network intrusion preventions (IPS) tools implemented according to the security manager/Architect requirements?
Do you restrict and monitor the installation of new unauthorized software onto your systems?
Do you perform recovery tests on scoped data at least annually?