S2SCORE ESTIMATOR
STEP 1 OF 5

Contact details (required fields marked *): First Name*, Last Name*, Company*, Job Title*, Email Address*, Phone Number, Industry*, Business Zip Code*, Partner, Referrer, and agreement to the SecurityStudio Terms and Conditions*.

ESTIMATED SCORE BANDS
Excellent: An "Excellent" S2SCORE® is a rarity and something to take pride in. It's obvious that your organization has spent significant amounts of time, money, and effort to build a best-in-class information security program. You have the proper structures in place to maintain what you've painstakingly built, and now you can focus on 1) continuous improvement and 2) finding more tangible returns for your investment. Schedule the full S2SCORE assessment with your partner, which will give you a clear picture of where to focus via a detailed Action Plan, so you can share this with your customers, executive management, and boards of directors. A compromise of your defenses will always be a possibility, but you will likely detect such an event early on and be in a position to limit damages.

Good: A "Good" estimated S2SCORE® means that you have really spent time, money, and effort building a good information security program. The foundation of your program is laid, and now you're in "maintenance mode," although you still have some major projects and tasks to accomplish. The return on each information security dollar starts to diminish for organizations with a "Good" S2SCORE, so it's very important to spend each information security dollar wisely and to effectively communicate your information security measurement of risk. To accomplish this, schedule the full S2SCORE assessment with your partner, which will give you a clear picture of where to focus via a detailed Action Plan.

Fair: A "Fair" estimated S2SCORE® means that you have done some really good things with respect to your organization's information security; however, significant gaps and risks still exist. Some of the foundational components of the program are in place, and it's time for the program to mature into a more formal business initiative. This is the point in the program where information security expenditures need to start providing real and tangible results. The question "where should we spend our next information security dollar?" is an important one to support with facts instead of gut instinct. Start by scheduling the full S2SCORE assessment with your partner, which will give you a clear picture of where to focus via a detailed Action Plan. A compromise is still very much possible, but you are more likely to detect it and respond with some effectiveness. If executive management is involved with information security, which they probably are, continued improvement will only help them make better risk-based decisions.

Poor: A "Poor" estimated S2SCORE® means that you have significant areas of improvement for information security in your organization. Your information security program is not mature enough for sustained improvement, and a significant compromise is possible in the short term. Whether or not your organization would notice the threat, attack, and eventual compromise is not well known. Without significant improvements in your information security program, executive management's decisions regarding security may not be easily defended should an adverse event occur. It's imperative that you schedule the full S2SCORE assessment with your partner, which will give you a clear picture of where to focus via a detailed Action Plan.

Very Poor: A "Very Poor" estimated S2SCORE® usually means that you haven't taken the necessary basic steps to protect your organization from a variety of threats. The information security program lacks formality, and a significant compromise is likely in the short term. To make matters worse, depending upon the type of threat, the compromise may go unnoticed for an extended period of time. If a compromise were to become known, executive management may not have the necessary proof to defend the organization against civil actions. It's imperative that you schedule the full S2SCORE assessment with your partner, which will give you a clear picture of where to focus via a detailed Action Plan.
ADMINISTRATIVE CONTROLS
Controls that define the information security strategy and the roles and responsibilities of workforce members.
RISK MANAGEMENT
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Risk management processes are formally established, managed, and agreed to by all organizational stakeholders.
* The organization's approach to information security risk management is comprehensive, accounting for administrative (people), physical, and technical threats and vulnerabilities.
* The organization has transferred information security risk by obtaining insurance.
INFORMATION SECURITY GOVERNANCE
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* The organization has defined a set of information security policies that are formally approved by executive management.
* Information security policies have been formally reviewed within the last twelve (12) months or less.
* We have identified and enabled a security manager, security officer, CISO, or similar position within the organization.
HUMAN RESOURCES SECURITY
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Management actively endorses and complies with the organization's security policies.
* The organization has developed and implemented a formal information security awareness, education, and training program.
* Background checks are performed on employees, third parties, and other associates in accordance with their roles and responsibilities, job function, and data sensitivity.
ASSET MANAGEMENT
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* An asset management (or similar) policy exists and accounts for all information assets (physical, software, and data) from acquisition through disposition/disposal.
* Asset and/or information classification requirements have been defined, including the acceptable controls for protection.
* A complete, up-to-date, and detailed inventory of all cloud services used by the organization is maintained.
ACCESS MANAGEMENT
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Physical and logical access controls are integrated and formally considered in policy.
* Periodic reviews of user accounts, privileged accounts, and service/system accounts are conducted according to a defined procedure.
* The organization has formally defined practices for the use and protection of authentication information (passwords, PINs, tokens, etc.) in policy.
CRYPTOGRAPHY
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Encryption requirements for protecting data at rest are documented and consistently followed.
* Encryption requirements for protecting data in transit are documented and consistently followed.
* Roles and responsibilities for the implementation of the encryption policy and key management are defined by management.
SECURITY OPERATIONS
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Required operational controls for information security are defined in policy and procedure, including (but not limited to) those for mobile device security, remote access/teleworking, system configuration, change management, anti-malware, backups, event logging, vulnerability management, audit, network security, system acceptance testing, and vendor/third-party risk management.
* All vendors have been formally assessed for the inherent and residual risks they pose to the organization.
* Internal information security audits are conducted on a regular basis.
INCIDENT MANAGEMENT
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* The organization follows a formal process to report information security events, such as loss of service, loss of equipment, loss of facilities, system malfunctions, system overloads, human errors, and non-compliance with policies or guidelines.
* Incident response procedures are tested on a periodic basis.
* The criteria and conduct for forensic investigations are defined, and the protection of evidence is formally accounted for.
BUSINESS CONTINUITY MANAGEMENT
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* The organization has developed a formal business continuity plan (BCP) or disaster recovery (DR) process.
* Critical business assets and their dependencies have been identified and accounted for in recovery plans.
* Recovery plans are tested on a periodic basis, and have been tested within the past twelve (12) months.
COMPLIANCE
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* All relevant statutory, regulatory, and contractual requirements have been explicitly defined and documented (e.g., GDPR, state breach notification laws, Massachusetts state law, HIPAA, GLBA, PCI, et al.).
* The frequency, scope, and method(s) for independent security reviews are documented.
* Information security policies and/or procedures that are specific to financial systems have been developed and implemented.
PHYSICAL CONTROLS
Physical controls are the security controls that can often be touched and that provide physical security to protect your information assets.
FACILITY SECURITY
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Formal physical security policies and procedures exist, are up to date, and include the specific requirements for physical security and safety planning.
* Facility physical security risk assessments and/or security audits are conducted on a regular basis.
* Public and non-public entrances are clearly marked and/or obvious.
* Non-public entrances are sufficiently secured with effective and auditable controls.
* Public spaces are covered by camera surveillance.
* The date and time of entry and departure of visitors is recorded.
* A listing of all restricted areas within and around the facility has been compiled and is maintained.
* Public, delivery, or loading areas are staffed.
* Incoming materials are inspected for evidence of tampering, and if such tampering is discovered it is immediately reported to security personnel.
EQUIPMENT AND INFORMATION
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* All sensitive equipment and systems are located in a secure area(s).
* Areas containing sensitive equipment and systems are physically secured (e.g., all walls run deck-to-deck, doors are solid without vents, doors open outward and slam shut, raised floors do not run under the doorway, locks and cardkey access are in place, and camera surveillance is employed).
* Fire suppression systems are adequate, code-compliant, and protected (within a secure location).
* Uninterruptible power supplies (UPS) are used on all sensitive equipment and systems, and sufficient runtime (>10 minutes) is provided.
* All network closets and/or wiring rooms are secured.
* Cabling is tidy, tied down, and labeled.
* Maintenance personnel have been subjected to background checks.
* Housekeeping personnel are actively supervised and monitored during their activities.
* Documented policy and procedures define clear desk and clear screen requirements for securing sensitive and critical business information during and after work hours.
TECHNICAL CONTROLS (INTERNAL)
Internal technical controls are used to protect internal information resources, focusing on all technical controls that aren't associated with the traditional perimeter.
NETWORK CONNECTIVITY
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Connectivity between public networks and the organization's internal networks can only be obtained by passing through a firewall (or other packet filtering and control device).
* Traffic between public networks and internal networks is reviewed for the presence of malware.
* The internal network (LAN) is segmented according to system/information sensitivity and/or criticality using firewall rules or VLANs with Access Control Lists (ACLs).
REMOTE ACCESS
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Multi-factor authentication is used for remote access to our network(s).
* Remote access connection attempts and traffic are consistently monitored.
* Third-party remote access connections are only enabled after an adequate review of the third party's information security protections.
DIRECTORY SERVICES
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* User account audits are conducted periodically to ensure that unneeded user accounts are disabled and/or deleted.
* Service accounts are audited periodically and are secured according to a documented standard or procedure.
* Inactivity timeouts, account lockouts, system log settings, and strong authentication requirements are all enforced consistently with Group Policy (or other means).
SERVERS AND STORAGE
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* All server systems are equipped with anti-malware protection, and validation of its effectiveness is monitored consistently.
* Critical servers are equipped with additional protections such as a local firewall, additional monitoring, file integrity monitoring, and/or host-based intrusion prevention.
* Server systems are not used for other activities such as checking email, browsing the Internet, etc.
CLIENT SYSTEMS
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* All client systems (workstations and laptops) are equipped with malware protection software.
* Users do not have local administrative privileges on their workstations.
* Workstations are built and deployed according to a defined secure standard or hardened build.
MOBILE DEVICES
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* The number and assignment of all mobile devices throughout the organization is well known, defined, and/or documented.
* Whole-disk/media encryption is employed to protect data stored on all mobile devices (laptops, smartphones, tablets, et al.).
* Only explicitly approved wireless network usage is permitted on mobile devices.
LOGGING, ALERTING, AND MONITORING
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Performance data for critical systems is consistently logged and monitored.
* Information security-related events are consistently logged and monitored on all critical systems.
* A separate, isolated logging system is employed to collect and protect log files.
VULNERABILITY MANAGEMENT
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Specific timelines and thresholds for vulnerability management have been set by management and are consistently met in practice.
* Authenticated vulnerability scanning is conducted on a monthly (or more frequent) basis, and vulnerabilities are classified according to their CVSS score.
* Critical-severity vulnerabilities are known and are consistently remediated/mitigated within 14 days of their discovery.
BACKUP AND RECOVERY
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* A backup inventory (of what is backed up and how often) is available.
* Backup data is stored in a location that is sufficiently distanced from the primary operational facility.
* Backups are periodically tested and validated.
TECHNICAL CONTROLS (EXTERNAL)
External technical controls are focused on keeping threats out of the internal technical environment. These controls make up the traditional perimeter, usually delineated with a firewall (or similar).
BEST PRACTICES
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* Firewall rules are reviewed on a regularly scheduled basis, according to a documented review process.
* Network-based intrusion detection/prevention systems (IDS/IPS) are deployed to protect our public systems from Internet-based attacks.
* Penetration testing has been conducted against all of our externally facing systems within the past 12 months.
VULNERABILITY MANAGEMENT
Please select all statements that apply to your organization (each answered Yes, No, or Not Sure):
* External vulnerability scans are conducted on a quarterly basis, or more often.
* Within the past month, it has been confirmed that there are no critical-severity vulnerabilities exposed to the Internet.
* All web applications are scanned for vulnerabilities each time a change is made.
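The two vulnerability management sections above (internal: authenticated scans at least monthly, findings classified by CVSS score, critical findings fixed within 14 days; external: scans at least quarterly, no critical-severity findings exposed to the Internet) state concrete thresholds that a scan export can be checked against rather than answered from memory. The Python below is an added example and is not SecurityStudio's code or part of the S2SCORE product. The finding records, host names, dates, and scan dates are constructed for the demonstration; the 31-day and 92-day cadence limits are this example's reading of "monthly" and "quarterly"; the severity bands are the CVSS v3.x qualitative rating scale.

```python
"""Check a vulnerability-scan export against the estimator's thresholds:
CVSS severity classes, a 14-day fix window for critical findings, scan
cadence, and "no criticals exposed to the Internet".

Added example, not SecurityStudio code.  All findings, hosts and dates
are constructed; finding ids are scanner-style labels, not CVE ids.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

CRITICAL_SLA_DAYS = 14            # "remediated within 14 days of discovery"
AUTHENTICATED_SCAN_MAX_AGE = 31   # assumption: "monthly or more frequent"
EXTERNAL_SCAN_MAX_AGE = 92        # assumption: "quarterly or more often"


@dataclass(frozen=True)
class Finding:
    finding_id: str                # constructed scanner id, not a CVE
    host: str
    cvss: float                    # CVSS v3.x base score, 0.0-10.0
    first_seen: date               # date the scanner first reported it
    internet_exposed: bool         # host has a public-facing interface
    remediated: Optional[date] = None


def severity(score: float) -> str:
    """CVSS v3.x qualitative rating: None 0.0, Low 0.1-3.9, Medium 4.0-6.9,
    High 7.0-8.9, Critical 9.0-10.0."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def triage(findings: List[Finding], today: date,
           sla_days: int = CRITICAL_SLA_DAYS) -> dict:
    """Classify open findings and evaluate the two critical-finding questions."""
    open_findings = [f for f in findings if f.remediated is None]
    by_severity = Counter(severity(f.cvss) for f in open_findings)
    criticals = [f for f in open_findings if severity(f.cvss) == "Critical"]
    overdue = sorted(f.finding_id for f in criticals
                     if (today - f.first_seen).days > sla_days)
    exposed = sorted(f.finding_id for f in criticals if f.internet_exposed)
    return {
        "open_by_severity": dict(by_severity),
        "critical_overdue": overdue,                 # SLA breached
        "critical_internet_exposed": exposed,        # fails the external question
        "sla_met": not overdue,
        "no_exposed_criticals": not exposed,
    }


def scan_cadence_ok(last_scan: date, today: date, max_age_days: int) -> bool:
    """True if the most recent scan falls within the required interval."""
    return 0 <= (today - last_scan).days <= max_age_days


# Constructed sample data (not real hosts, dates or vulnerabilities).
TODAY = date(2020, 6, 30)
LAST_AUTHENTICATED_SCAN = date(2020, 6, 5)   # 25 days ago: within "monthly"
LAST_EXTERNAL_SCAN = date(2020, 3, 1)        # 121 days ago: misses "quarterly"
SAMPLE_FINDINGS = [
    Finding("F-001", "web01", 9.8, date(2020, 6, 1), True),    # critical, exposed, 29 days open
    Finding("F-002", "db01", 9.1, date(2020, 6, 20), False),   # critical, still inside SLA
    Finding("F-003", "web01", 7.5, date(2020, 5, 15), True),   # high
    Finding("F-004", "file01", 5.3, date(2020, 4, 2), False),  # medium
    Finding("F-005", "vpn01", 9.8, date(2020, 5, 1), True, remediated=date(2020, 5, 10)),
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_FINDINGS, TODAY).items():
        print(f"{key}: {value}")
    print("authenticated scan cadence ok:",
          scan_cadence_ok(LAST_AUTHENTICATED_SCAN, TODAY, AUTHENTICATED_SCAN_MAX_AGE))
    print("external scan cadence ok:",
          scan_cadence_ok(LAST_EXTERNAL_SCAN, TODAY, EXTERNAL_SCAN_MAX_AGE))
```

On the sample data the check reports one critical finding (F-001) both past the 14-day window and reachable from the Internet, so the honest answer to both critical-finding questions would be "No"; remediated findings are excluded, and the cadence check flags that the last external scan is older than a quarter. The severity function is the scan-classification step the questionnaire asks about, and the boundary values (3.9 vs 4.0, 8.9 vs 9.0) are where home-grown classifiers most often disagree with the scanner.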
© 2020 SecurityStudio • 5909 Baker Road, Suite 500, Minnetonka, MN 55345 • 855-753-1746