Please specify your role in the organisation
How many people does your company employ?
In which industry does your company operate?
1. To what extent are you responsible for oversight and day-to-day operations of the cyber security programme at your organisation?
2. Did you suffer one or more security breaches or outsider attacks in the past year?
4. What, if any, staff-related incidents did you suffer?
5. What do you consider to be your greatest security risk?
6. How quickly can you remediate security breach events in general? (By remediate, we mean stopping attacks so that no further damage can occur.)
7. What security tools/solutions has your organisation implemented?
8. How frequently are security risk assessments conducted at your organisation?
8a. Do you carry out security risk assessments through a formal/recognised framework or standard?
9. Which standards and good practice guides have you implemented?
10. How frequently do you provide training to staff on security threats?
12. What prevents, or delays, investment in IT security?
13. How do you measure the effectiveness of your security expenditure?
14. What is the primary driver for your security expenditure?
15. Do you have cyber insurance?
16. What governance and risk management do you have in place?
17. What information do you use to help you evaluate security threats to your organisation?
18. How do you prevent staff misuse/abuse?
19. What steps have you taken to mitigate mobile device risk?
20. Does your organisation adhere to IT process or security frameworks?
20a. Rate your level of security for each of the following areas (1 = None, 5 = Excellent)
21. How confident are you that your organisation is ready to comply with the POPI Act?
21a. How confident are you that your organisation is ready to comply with GDPR?
22. What, if anything, are you doing to prevent lateral movement within your data centre?
23. What maturity level is your organisation's cyber security programme currently at?
24. Has penetration testing ever been performed in your organisation?
25. Does server virtualisation limit the visibility of traffic flows in your data centre? (In other words, can you see VM-to-VM network traffic?)
26. Branch security could be a weakness that compromises your organisation's security. Does SD-WAN factor into how you do branch security planning?