Thank you for taking the time to complete our free assessment. Your input is valuable to us and will help us understand your vulnerabilities and recommend tailored solutions. Please provide the following details to help us better assess your situation. Rest assured, your information will be kept confidential and used solely for the purpose of this assessment.

Information:

1. First and Last Name

2. Email Address

3. Phone Number

4. What is your registered company name?

5. Please specify your job title (e.g., Chief Executive Officer).

Section A:

6. Do you collect, store, host, process, control, use or share any private or sensitive information* in either paper or electronic form?
  • Yes
  • No

  6.0.0 If “Yes”, please provide the approximate number of unique records:

    7. Paper records:

    8. Electronic records:

9. *Private or sensitive information includes any information or data that can be used to uniquely identify a person, including, but not limited to, social security numbers or other government identification numbers, payment card information, drivers’ license numbers, financial account numbers, personal identification numbers (PINs), usernames, passwords, healthcare records, and email addresses.

Section B:

10. Do you collect, store, host, process, control, use or share any biometric information or data, such as fingerprints, voiceprints, facial, hand, iris or retinal scans, DNA, or any other biological, physical or behavioral characteristics that can be used to uniquely identify a person?
  • Yes
  • No

  10.0.0 If “Yes”, have you reviewed your policies relating to the collection, storage, and destruction of such information or data with a qualified attorney and confirmed compliance with applicable federal, state, local, and foreign laws?

11. Do you process, store, or handle credit card transactions?
  • Yes
  • No

  11.0.0 If “Yes”, are you PCI-DSS compliant?

12. Do you tag external emails to alert employees that the message originated from outside the organization?
  • Yes
  • No

  12.0.0 If “Yes”, have you reviewed your policies relating to the collection, storage, and destruction of such information or data with a qualified attorney and confirmed compliance with applicable federal, state, local, and foreign laws?

13. Do you pre-screen emails for potentially malicious attachments and links?
  • Yes
  • No

  13.0.0 If “Yes”, do you have the capability to automatically detonate and evaluate attachments in a sandbox to determine whether they are malicious prior to delivery to the end user?

14. Which of the following have you implemented to protect against phishing messages? (Select all that apply.)
  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)
  • Domain-based Message Authentication, Reporting & Conformance (DMARC)
  • None of the above

15. Can your users access their email through a web application or a non-corporate device?
  • Yes
  • No

  15.0.0 If “Yes”, do you enforce Multi-Factor Authentication (MFA)?

16. Do you use Office 365 in your organization?
  • Yes
  • No

  16.0.0 If “Yes”, do you use the Office 365 Advanced Threat Protection add-on?

17. Do you use a cloud provider to store data or host applications?
  • Yes
  • No

  17.0.0 If “Yes”, please provide the name of the cloud provider:

  17.0.1 If you use more than one cloud provider to store data, please specify the cloud provider storing the largest quantity of sensitive customer and/or employee records.

18. Do you use MFA to secure all cloud provider services that you utilize?
  • Yes
  • No

19. Do you encrypt all sensitive and confidential information stored on your organization’s systems and networks? If “No”, are the following compensating controls in place? If “Yes”, select “None of the above”:
  • Segregation of servers that store sensitive and confidential information
  • Access control with role-based assignments
  • None of the above

20. Do you allow remote access to your network?
  • Yes
  • No

  20.0.0 If “Yes”, do you use MFA to secure all remote access to your network, including any Remote Desktop Protocol (RDP) connections? If MFA is used, please select your MFA provider:

21. Do you use a next-generation antivirus (NGAV) product to protect all endpoints across your enterprise?
  • Yes
  • No

  21.0.0 If “Yes”, please select your NGAV provider:

22. Do you use an endpoint detection and response (EDR) tool that includes centralized monitoring and logging of all endpoint activity across your enterprise?
  • Yes
  • No

  22.0.0 If “Yes”, please select your EDR provider:

23. Do you use MFA to protect access to privileged user accounts?
  • Yes
  • No

24. Do you manage privileged accounts using privileged account management software (e.g., CyberArk, BeyondTrust)?
  • Yes
  • No

  24.0.0 If “Yes”, please provide the name of your provider:

25. Do you actively monitor all administrator access for unusual behavior patterns?
  • Yes
  • No

  25.0.0 If “Yes”, please provide the name of your monitoring tool:

26. Do you roll out a hardened baseline configuration across servers, laptops, desktops, and managed mobile devices?
  • Yes
  • No

27. Do you record and track all software and hardware assets deployed across your organization?
  • Yes
  • No

  27.0.0 If “Yes”, please provide the name of the tool used for this purpose (if any):

28. Do non-IT users have local administration rights on their laptop/desktop?
  • Yes
  • No

29. How frequently do you install critical and high severity patches across your enterprise?
  • 1-3 days
  • 4-7 days
  • 8-30 days
  • One month or longer

30. Do you have any end-of-life or end-of-support software?
  • Yes
  • No

  30.0.0 If “Yes”, is it segregated from the rest of your network?

31. Do you use a protective DNS service to block access to known malicious websites?
  • Yes
  • No

  31.0.0 If “Yes”, please provide the name of your DNS provider:

32. Do you use endpoint application isolation and containment technology on all endpoints?
  • Yes
  • No

  32.0.0 If “Yes”, please select your provider:

33. Can users run Microsoft Office macro-enabled documents on their system by default?
  • Yes
  • No

34. Do you implement PowerShell best practices as outlined in the Environment Recommendations by Microsoft?
  • Yes
  • No

35. Do you utilize a Security Information and Event Management (SIEM) system?
  • Yes
  • No

36. Do you utilize a Security Operations Center (SOC)?
  • Yes
  • No

  36.0.0 If “Yes”, is it monitored 24 hours a day, 7 days a week?

37. Do you use a vulnerability management tool?
  • Yes
  • No

  37.0.0 If “Yes”, please select your provider:

38. Do you use a data backup solution? If “Yes”, how frequently does it run?
  • Daily
  • Weekly
  • Monthly
  • No, I do not use a data backup solution

39. Estimated amount of time it will take to restore essential functions in the event of a widespread malware or ransomware attack within your network?
  • 0-24 hours
  • 1-3 days
  • 4-6 days
  • 1 week or longer

40. Please check all that apply:
  • Backups are encrypted.
  • Backups are kept separate from your network (offline/air-gapped), or in a cloud service designed for this purpose.
  • Backups are secured with different access credentials from other administrator credentials.
  • You utilize MFA to restrict access to your backups.
  • You use a cloud-syncing service (e.g., Dropbox, OneDrive, SharePoint, Google Drive) for backups.
  • Your cloud-syncing service is protected by MFA.
  • You have tested the successful restoration and recovery of key server configurations and data from backups in the last 6 months.
  • You are able to test the integrity of backups prior to restoration to ensure that they are free of malware.

41. Do any of the following employees at your company complete social engineering training?
  • Employees with financial or accounting responsibilities?
  • Employees without financial or accounting responsibilities?
  • Yes
  • No

  41.0.0 If “Yes” to question 9.a.(1) or 9.a.(2) above, does your social engineering training include phishing simulation?

42. Does your organization send and/or receive wire transfers? If “Yes”, does your wire transfer authorization process include the following:
  • A wire request documentation form?
  • A protocol for obtaining proper written authorization for wire transfers?
  • A separation of authority protocol?
  • A protocol for confirming all payment or funds transfer instructions/requests from a new vendor, client, or customer via direct call to that vendor, client, or customer, using only the telephone number provided by the vendor, client, or customer before the payment or funds transfer instruction/request was received?
  • A protocol for confirming any vendor, client, or customer account information change requests via direct call to that vendor, client, or customer, using only the telephone number provided by the vendor, client, or customer before the change request was received?
  • No, we do not send and/or receive wire transfers

43. In the past 3 years, has the Applicant or any other person or organization proposed for this insurance:
  • Received any complaints or written demands, or been a subject in litigation, involving matters of privacy injury, breach of private information, network security, defamation, content infringement, identity theft, denial of service attacks, computer virus infections, cyber extortion, or other cyber-related incidents
  • Sustained any system intrusions, tampering, virus or malicious code attacks, loss of data, loss of portable media, hacking incidents, extortion attempts, or theft of information
  • Sustained any unscheduled network outages or interruptions
  • Notified customers or any other third party of a data breach incident
  • Been the subject of a government action, investigation, or subpoena regarding any alleged violation of a privacy law or regulation
  • Received any complaints or claims, or been subject to litigation, involving sexual harassment, invasion of privacy, wrongful collection of private information, discrimination, or wrongful employment practices

Devtegrate DevOps

Devtegrate: Transforming Digital Solutions

Devtegrate is a leading technology solutions provider specializing in cloud services, cybersecurity, and IT management. With a commitment to delivering innovative and reliable solutions, Devtegrate helps businesses navigate the complexities of the digital landscape.