
Program Health Self-Check
Understanding Your Business, Information, Risk, and Threats
1. Do you have an information classification program that helps your workforce members identify your most important information, business processes, and IT assets?
2. Do you have a process to collect and share back threat intelligence?
Managing Your Risk
3. Do you have a process for keeping your systems patched and managing vulnerabilities?
4. Do you have well-communicated Information Security policies, procedures, and practices (e.g. multi-factor authentication, encryption, etc.)?
5. Do you have a defined security architecture that enables you to protect assets, detect events, and respond to threats?
6. Are your security tools deployed efficiently and effectively, providing maximum value without duplication?
7. Does your information security program address your Internet of Things, Industrial Control Systems / Operational Technology, and/or Digital Products?
Responding to Security Events & Breaches
8. Do you have enterprise incident response and disaster recovery plan(s) that address cyber events like ransomware, insider theft/sabotage, and denial of service attacks?
9. Do you know what your first three actions would be if a partner, customer, or law enforcement agency informed you that you had been breached?
10. Have you practiced your response to a cyber incident with current stakeholders and key participants?
Governing and Measuring Your Program
11. Do you know what you’re spending on security, and how those resources/efforts are reducing your information risk?
12. Do you have good answers when your board or executive leaders ask how the current headline affects your organization?
13. Do you know how many third parties have access to your sensitive information, and that they are protecting it well?
Workforce Awareness and Behavior Change
14. Do you know how susceptible your organization is to phishing, social engineering, or physical information theft?
15. Do you have an awareness program that engages your workforce and creates positive change in cybersecurity?