1. Do you have an Information Security (IS) department?
2. Do you maintain an updated asset inventory for all IT assets?
Do you have documented and regularly updated security policies?
4. Do you conduct security awareness training for employees?
5. Do you test employees on their security knowledge?
6. Do you use encryption for sensitive data at rest (Endpoint/backup encryption)?
7. Do you use encryption for sensitive data in transit (SSL/IPSEC tunnels)?
8. Do you offer a server-based specialized antivirus solution?
9. Do you have a Web Application Firewall (WAF) in place?
10. Do you use a Privileged Access Management (PAM) solution?
11. Does your organization regularly apply security patches to operating systems and applications?
12. Does your organization use a vulnerability scanner or conduct internal VAPT?
13. Do you perform regular backups for critical data?
14. Do you have a Disaster Recovery (DR) site for critical systems?
15. Do you conduct external third-party vulnerability assessments and penetration testing?
16. Do you have a functional Security Operations Center (SOC) in place with SIEM?
