Are software and firmware updates tested for effectivenessand potential side effects before installation?
Do you automatically lock workstations sessions after a standard period of inactivity? If so, provide the period of inactivity which triggers workstation to lock?
Do you and your employees take security awareness training upon hire and annually thereafter?
Is system data backed up? If so, where is the backup stored?
Do you have an inventory of all administrative accounts? Where is the inventory maintained?
Is anti-malware software in use? If so, provide the name of the solution used in the comments section
Is anti-malware software configured to get updates and run scans frequently? If so, detail the frequency of updates and scans in the comments section
Do you maintain ad accurate and up-to-date inventory of all technologies assets with the potential to store or process information ? This inventory should include all hardware assets, whether connected to the Organization’s network
Do you maintain and up-to-date list of all authorized software that is required in the enterprise for any business purpose on any business system?
Do you maintain contact information for external third-parties that may be used to report a security incident (e.g., Law enforcement, customer contacts, government departments, and vendors)?