Threat analysis
- What type of threats are you most concerned about? (Select all that apply)
c Negligent data breach (e.g. user ignoring policy, but not malicious)
c Inadvertent data breach / leak (e.g. careless user causing accidental breach)
c Malicious data breach (e.g. external attack)
a Other (please specify)
Website due to free plugin usage redirect to other links which we have loss complete access of the wbesite at once and hard to recover the website__________________________________________________________________________________________________________________________________________
- What motivations for malicious threats are you most concerned about? (Select all that apply)
c Hacking
a Surveillance
a Info gathering
c Other (please specify) __________________________________________________________________________________________________________________________________________
- What IT assets are most vulnerable to attacks? (Select all that apply)
c E-mail
c Databases
c File servers
a Mobile devices
c Network
c Cloud applications
a External website
c Other (please specify) _________________________________________________
- Which adversaries pose the largest security risk to the organisation? (Select up to 3)
c Hostile authorities
a Hackers
c Privileged IT users / admins
a Careless employees
a Contractors / service providers / temporary workers
c Other (please specify) _________________________________________
- In your opinion, what types of applications are most vulnerable to attacks? (Select all that apply)
a Website
c Basic apps (word processing, spreadsheets, etc)
c Disaster recovery / storage / archiving
a Social media (Facebook, LinkedIn, Twitter, etc)
a Collaboration & communication systems (email, messaging)
c Sales & Marketing (CRM, marketing automation, etc)
c Cloud storage & file sharing apps (DropBox, OneDrive, etc)
c Finance & accounting databases
c Other (please specify) _________________________________________
- What types of data are most vulnerable to attacks? (Select up to 3)
a Operations/campaigns data
a Community/supporters data
c Financial data
a Staff data
c Organisation data
c Other (please specify) _________________________________________
- Have you received any kind of attack over the last 12 months? (Select one)
a Yes [What kind?] Website redirected to other URL due to free plugin
c No
c Not sure
- What are the main reasons why threats are rising? (Select all that apply)
c Increasing use of cloud apps and infrastructure
c Insufficient data protection strategies or solutions
c More employees, contactors, partners accessing the network
a Increased public knowledge or visibility of organisation’s activities
c Technology is becoming more complex
c Data increasingly leaving the network perimeter via mobile devices and external Web access to internal data.
c Increasing number of devices with access to sensitive data
c Increasing amount of sensitive data
a Lack of employee training / awareness ( May be)
c Other (please specify) _________________________________________
- How vulnerable is your organization to threats? (Select one)
c Extremely vulnerable
c Moderately vulnerable
a Slightly vulnerable
c Not at all vulnerable
- Do you include cyber attacks in your risk management framework? (Select one)
a Yes
c No
c Not sure
- Do you already have an Information Security and Integrity Policy in place? (Select one)
a Yes
c No
- What are the biggest barriers to better threat management? (Select up to 3)
a Lack of training & expertise c Not a priority
c Lack of suitable technology
a Lack of budget
c Other (please specify) _________________________________________
- Do you monitor key assets and file management? (Select one) c Yes, all key assets are inventoried and monitored
a Yes, a majority of key assets are inventoried and monitored
c Yes, but less than 50% of key assets are inventoried and monitored
c No, we have not completed the inventory of key assets
c Key asset management is not part of our security posture
c Other (please specify) _________________________________________
- Do you monitor data access and movement? (eg. email) (Select one)
c No – we don’t monitor data access and movement at all
c Yes – but access logging only
c Yes – but only after an incident
a Yes – we continuously monitor data access and movement and proactively
identify threats (but this needs to be improved)