Cyber Security Qualification Questionnaire

  1. What is the top cybersecurity concern that the business faces today?

  2. Have they allocated enough resources to properly address the most significant cybersecurity threats? What specifically have they done?

  3. How have they confirmed that they are following the regulatory requirements for their industry?

  4. Does the company currently do business with the US Government or a state entity or do they plan to in the future?

  5. Is rogue IT (unsanctioned device/application use) a security threat here, and if so, what are they doing to address the situation?

  6. Does the company have a complex password policy for their employees, and how frequently do they require passwords to be changed?

  7. What firewall are they using and does it incorporate the latest in threat detection and prevention technologies?

  8. What is the company’s disaster recovery plan and when was it reviewed and updated?

  9. Have they adequately addressed the risk posed by employees, including education and training, policies regarding internet and device use, and employee turnover risks?

  10. Is all sensitive data secure (in storage and when transmitted) and backed up on a routine basis? Where is the backup kept? Is it protected?

  11. What is their plan for identifying and addressing cyber threats? Is it current?

  12. Is the company vulnerable to third-party applications hosted on their network?

  13. What does the company need to do to ensure IT security moving forward?