How many physical servers do you have?
What is the average age of your physical servers?
What Operating Systems are you using?
Are all of your production operating systems current and supported versions?
Do you have a regular maintenance schedule for your servers?
Are your servers virtualized?
What type of storage solutions do you use? Select all that apply.
If utilizing a SAN solution, do you leverage snapshot capabilities?
Does your storage solution utilize multipathing or other redundant connection methodologies?
Does your storage solution replicate to an alternate site or cloud storage?
How often do you back up your data?
Do you have a disaster recovery plan in place?
How often do you test your backups?
How often do you test your disaster recovery plan?
What is the age of your networking equipment (routers, switches, firewalls, etc.)?
Do you have redundant network paths to prevent single points of failure?
How often do you update your network security protocols / device firmware?
How many wireless access points do you have?
What is the average age of your wireless access points?
Do you have centralized management systems for your wireless network?
How often do you update your wireless security protocols / device firmware?
Which cloud services do you use?
Do you have a multi-cloud strategy?
How often do you review and optimize your cloud usage?
Which security solutions do you utilize?
Do you monitor your environment for security threats?
Do you leverage Secure Access Service Edge (SASE) solutions?
Which Firewall vendor / edge security provider do you have in place?
Do you encrypt sensitive data at rest and in transit on servers and workstations?
Are mobile devices protected with encryption and endpoint protection?
Do you currently have an MDM solution in place?
Does the organization have a formal vulnerability management and software patching solution?
Is a formal cyber incident response plan in place and tested periodically?
Does the organization utilize Multifactor Authentication for email?
Does the organization utilize Multifactor Authentication for network access, system access and remote connectivity?
Does the organization accept payment card transactions?
Is the organization PCI compliant?
Does the organization deal with protected health information as defined by HIPAA?
Does the organization have operations or customers in California, or any responsibilities under the California Confidentiality of Medical Information Act?
How strongly do you agree or disagree with the following statements around your core infrastructure?