Human, Organizational, and Regulatory Aspects
Managed Level
(1)The organization follows the regulations and recommendations of cyber security authorities (or vendors) in terms of cyber security.
(2)The organization applies policies and standards, for example NCA policy, OPT standards, ISO standards, etc.
(3)The organization enforces software/Internet use policies.
(4)The organization applies the human security hygiene concept.
(5)The organization understands and adheres to any applicable data privacy and compliance regulations (GDPR, PCI DSS, HIPAA, etc.).
Defined Level
(6)The organization has a qualified team to solve the vulnerabilities encountered and investigate the tickets (the organization invests in security teams).
(7)The organization trains employees/decision makers on healthy cyber practices.
(8)The organization has a solid Security Operation Center (SOC) team to detect and have a 360° view of the organization's work.
Predictable Level
(9)The organization builds use cases/scenarios in the SOC to identify zero-day vulnerabilities (to identify impacted devices, or identify vulnerable devices).
(10)The organization has purple team (red & blue) collaboration to discover vulnerabilities before attackers do.
(11)The organization puts effort into increasing awareness/educating users.
Optimizing Level
(12)The organization has an adequate cyber security detection, mitigation, prevention, and recovery strategy (a fully aligned security strategy) for the business.
(13)The organization has a Research and Development (RND) team to research vulnerabilities, find zero-days, and try to fix them.
(14)The organization supports/deals with/holds Zero Day Initiative (bounty programs).
(15)The organization's security experts always stay informed: zero-day exploits aren't always publicized, but occasionally, you'll hear about a vulnerability that could potentially be exploited.
(16)The organization uses threat sharing resources and vulnerability disclosures to stay aware of the latest security threats and mitigate risk accordingly.
Attacks and Defenses
Managed Level
(1)The organization has/uses monitoring applications/solutions.
(2)The organization applies input validation.
(3)The organization uses encryption methods.
Defined Level
(4)The organization detects zero-day attacks by looking for suspicious behavior.
(5)The organization performs vulnerability scanning.
(6)The organization covers each stage in the attack lifecycle (Cyber Kill Chain).
(7)The organization uses/has initial or temporary solutions to limit the impact of a zero-day (until patch release).
(8)The organization does NOT leave default credentials/configurations of security tools as they are. [Regularly review system configurations]
Predictable Level
(9)The organization has an Incident Response Plan ready.
(10)The organization has Patch Management.
(11)The organization invests in security control tools like DLP, sandboxing solutions, SPF, DMARC, DKIM, SIEM technologies, etc.
(12)The organization works out an emergency response solution to help quickly prevent attacks and minimize losses.
Optimizing Level
(13)The organization practices/applies defense in depth.
(14)The organization uses/applies the Zero Trust security model.
(15)The organization uses the MITRE framework.
(16)The organization applies threat intelligence.
Systems Security
Managed Level
(1)The organization cares about remaining in control of its data.
(2)The organization applies the system security hygiene concept.
(3)The organization cares about NOT sharing passwords and keys between systems.
Defined Level
(4)The organization enforces a least privilege model.
(5)The organization makes sure to back up: backups for the data itself and for the datacenter.
(6)The organization applies systems baselining and hardening (for Detection).
Predictable Level
(7)The organization cares about resource availability, which has a direct role in its ability to defend against zero-day exploits. Note: Available resources include knowledgeable security personnel, software, and hardware.
(8)The organization cares about internal systems/servers and their updates, as well as external servers/systems facing the Internet.
Optimizing Level
(9)The organization applies an objective, passive and proactive approach and keeps away from subjective, predictive and reactive approaches.
(10)The organization applies the SASE architecture.
Software and Platform Security
Managed Level
(1)The organization uses only essential applications.
(2)The organization keeps all software, web browsers, and operating systems up to date (keep updated).
(3)The organization follows the idea "assume you are compromised, and that you will get compromised again".
(4)The organization ensures secure code.
Defined Level
(5)The organization uses a firewall/Web Application Firewall (WAF).
(6)The organization deploys an IDS or IPS (on the software level).
(7)The organization uses runtime application self-protection (RASP) agents.
(8)The organization implements browser isolation.
(9)The organization ensures that monitoring applications are being created automatically.
Predictable Level
(10)The organization uses a comprehensive/Next Generation antivirus software solution.
(11)The organization ensures safe/secure administration of systems.
(12)The organization recommends, when a vulnerability is found, following the logs and traffic on the firewalls themselves and watching the tickets themselves, using multiple different ports and different protocols.
(13)The organization uses "heuristics-based" antivirus detection software.
Optimizing Level
(14)The organization implements Application Whitelisting.
(15)The organization deploys AI-based threat detection tools.
(16)The organization cares about patching correctly, as better patches could reduce the number of zero-days.
Infrastructure Security
Managed Level
(1)The organization minimizes the number of devices facing the Internet.
(2)The organization uses virtual local area networks (Virtual LAN).
(3)The organization uses secure ports for its network [Secure all gateways (servers, networks, email, etc.)]
(4)The organization checks for unknown connections to the foreign network.
(5)The organization supports Comprehensive real-time Network Analysis and Visibility (NAV).
Defined Level
(6)The organization deploys an IDS or IPS (on the network level).
(7)The organization implements Network Access Control.
(8)The organization implements IPsec, the IP security protocol.
(9)The organization ensures encryption of network traffic, especially the payload, to protect the integrity and confidentiality of the data in the packets traversing the network.
(10)The organization ensures QoS to distribute requests across multiple zones, etc.
Predictable Level
(11)The organization adopts a multi-layered approach as its security posture.
(12)The organization works on reducing its Attack Surface.
(13)The organization performs network scanning continuously through penetration testing and vulnerability findings (generate reports).
(14)The organization implements network segmentation.
(15)The organization has an inventory list of the entire infrastructure in the organization, in which applications are categorized based on criticality to business.
Optimizing Level
(16)The organization adopts Endpoint Detection and Response (EDR) solutions.
(17)The organization implements single packet authorization.
(18)The organization implements monitoring for persistence techniques such as auto-start extensibility points, Run and RunOnce registry keys, service registration, scheduled tasks, and DLL hijacking.
(19)The organization implements monitoring for suspicious communication that alerts on data exfiltration.