Cyber Risk Maturity Self-Evaluation

Programs & Policies

Ensure cyber risk program policies are right-sized to the organization and aligned to business goals.
1. Do you have a cyber risk management program?
2. Do you guide your staff with cyber security policies?
3. Do you have a cyber security program?

Training & Awareness

Enable role-specific training to elevate organizational skills and raise staff awareness of their responsibilities.
4. Do you train your staff on cyber security?

Operational Processes

Fortify change, problem, and incident management processes, and ensure proper provisioning and deprovisioning of access to critical applications and systems.
5. Do you document and comply with your cyber security processes?
6. Do you monitor, manage, and patch your IT hardware and software assets?
7. Do you have change and problem management processes?

Crisis Management & Incident Response

Establish, assign and practice crisis management and incident response activities to ensure ongoing business resiliency.
8. Do you have a Cyber Security Incident Response Plan?

Contingency Planning

Document data flows, analyze business impact, document recovery requirements, and test resiliency against cyber and other threat scenarios.
9. Do you back up and can you restore your critical data?

Business Context

10. Is your cyber risk program aligned to business objectives?
11. Do you document critical business processes and recovery requirements?

Governance & Compliance

Streamline ownership, accountability and activities to continuously comply with internal and external risk and compliance factors.
12. Do you comply with laws and regulations impacting your business?
13. Do you manage third party risk and/or your supply chain?
14. Do you have a current inventory of all IT hardware?
15. Do you have a current inventory of all software?
16. Do you know where your critical data is and how it is protected?

Risk Management

Define the tolerance for business risks to baseline, measure and manage risk decisions.
17. Do you have a risk register and risk tolerance defined?
18. Do you have an IT or cyber risk committee?

Controls Framework

Align controls to business context prioritization, benchmark against relevant framework best practices, and harmonize control sets across compliance mandates.
19. Do you assess your cyber security posture?
20. Do you have a defined cyber security framework?