Cyber Resiliency Assessment
The first section focuses upon proactive threat detection—that is, the technologies and processes in place at your organization to detect and prevent a cyber attack or ransomware-related incident.
For which of the following types of threats will you and your team spend the most time preparing over the next 12 months? (please check up to three)
Malware (known, unknown, fileless, etc.)
Exploits of known vulnerabilities
Ransomware
Web application attacks such as cross site scripting (XSS) or SQL injection
Business email compromise
Denial of services (DoS) attacks
Credential theft
Advanced, multi-stage attacks involving lateral movement
Insider attacks (e.g., disgruntled employees, ransomware originating from inside the network)
Zero-day exploits of new and unknown vulnerabilities
Phishing attacks
Not sure
How confident are you that you are satisfying your regulatory/compliance mandates (e.g., GDPR, PCI DSS, FINRA, FISMA, HIPAA, etc.)? (please check one)
100% confident
75% confident
50% confident
We are struggling to meet appropriate regulatory mandates
Not sure
For how long (if at all) has your organization leveraged a framework to guide and measure your security program (e.g., NIST CSF, ISO 27001, CIS Critical Security Controls, etc.)? (please check one)
More than 36 months
Between 24 and 36 months
We have begun within the past 24 months
We are in the process of adopting a framework
We have plans to begin the use of a framework in the next 18 months
We don’t leverage any of these cybersecurity frameworks
Not sure
How confident are you that you have the appropriate visibility and threat detection within your endpoint, cloud, and network infrastructure? (please check one)
I am confident that we have the right level of visibility into all of our infrastructure
We are actively working on closing visibility gaps within our infrastructure
We have visibility challenges in parts of our infrastructure
We have visibility, but lack security operations infrastructure to respond to issues
Not sure
What staffing strategy do you utilize for detection and response of cyber-attacks? (please check one)
Internally staffed security operations center (SOC)
External managed detection and response (MDR) service or other incident response service
Combined internal SOC with external MDR service
Not sure
How confident are you that your organization is scanning or testing for vulnerabilities regularly enough and remediating them by patching or updating configurations in a timely fashion? (please check one)
Completely confident
Mostly confident
Somewhat confident
Not very confident
Not at all confident
Not sure
How confident are you that appropriate security controls are widely deployed, properly configured, and capable of preventing a ransomware attack? (please check one)
Completely confident
Mostly confident
Somewhat confident
Not very confident
Not at all confident
Not sure
ESG, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.
© 2021 TECHTARGET, INC. ESG, A DIVISION OF TECHTARGET, SUITE 1-150, 275 GROVE STREET, NEWTON, MA 02466 | 508.482.0188