5 Minute Security Assessment for Businesses

Assessment questions
Do we have a firewall active at all ingress points of the network?
Yes - 5 points, No - 0 points

Does our team control all firewalls?
Yes - 5 points, No - 0 points

Do we have the following basic technical policies in place?
Add 1 point for each policy in place
  • Password complexity
  • Password retention
  • Password history
  • Logon hours
  • Controlled registry editing

Does everyone in the organization have their own individual and unique username for all activities?
Yes - 5 points, No - 0 points

Do we have logon/logoff auditing active on all servers and stations?
Yes - 5 points, No - 0 points

Do we have a testing environment for patches, new versions and new software before they are rolled out into production?
Yes - 5 points, No - 0 points

Do we have written procedures that regulate the items in the above questions as a process?
Add 1 point for each procedure in place

Assessment results
  • 30-36 points - Very good security posture - You have the basics of great security governance. Continue developing at both the procedural and technical levels of security.
  • 20-30 points - Acceptable security posture - You are lacking in written procedures and change management, but basic technical security is at a good level. You need to work harder on formalization.
  • 10-20 points - Basic security posture - Very basic security, lacking any formal security process, and probably also missing elements in auditing, ingress path control and technical policies. You have a long way to go, and you should have started yesterday!
  • 0-10 points - Disaster waiting to happen - So you have firewalls? Really? And maybe you’ve even plugged them in? Hire a good security expert, after firing your current one, and start getting somewhere.

Reference
  • 5 Minute Security Assessment for Businesses: http://information-security-resources.com/2009/08/17/5-minute-security-assessment-for-businesses/