Cyberscore plugin test - Core Networks

Cyberscore plugin test

Cyberscore Assessment

1/3

#1 Infrastructure

Answer the questions below

CyberScore

We maintain an inventory of all workstations, servers and network equipment and we have implemented a sustainable hardware refresh cycle.

Recommendations

Purchase date, serial and warranty tracked on all equipment and hardware is replaced when it reaches end-of-life

Addresses

Workstation and server inventory and warranty

We utilize an incident ticketing system, we provide our management team with regular response and resolution time reports and the results of those reports are meeting the organization's expectations.

Recommendations

Online ticketing service desk where all incidents are logged and reported on

Addresses

Service desk ticketing, time tracking and reporting

Our wireless network prevents guests from accessing our internal network and employees have unique usernames and passwords assigned for wireless access.

Recommendations

Separate employee and guest wireless networks and RADIUS auth with Active Directory or Azure AD

Addresses

Wireless infrastructure security and management

Our office locations utilize redundant internet service provider connections, and our firewall or router automatically swaps connections in the event of an outage.

Recommendations

Primary copper/fiber and backup cable (COAX) connection and firewall with automatic ISP failover

Addresses

Redundant internet connectivity and automatic failover

Our servers and network equipment are protected with uninterruptible power supply units that maintain a minimum of 10 minutes runtime and automatically power down servers hosting critical data.

Recommendations

APC UPS with managed ethernet for power monitoring automatic server shutdown feature.

Addresses

Power protection, power monitoring and automatic shutdown

#2 Cybersecurity

cybersecurity

Answer the questions below

CyberScore

The level of cybersecurity insurance carried by our business is adequate to protect our organization and our clients from financial loss.

Recommendations

Standalone policy with 1m per occurrence and 2m of aggregate coverage

Addresses

Cyber liability insurance coverage

I am confident that we have the proper cybersecurity software deployed to protect personal and corporate data from attacks such as phishing and ransomware.

Recommendations

Advanced EDR with 24/7/365 Security Operations and Real-Time Remediation

Addresses

Cybersecurity software and 24/7 security operations

We use single sign on and two-factor authentication across all critical line of business applications such as Office 365, our ERP system and remote access.

Recommendations

Email, outside access to ERP and VPN, RDP, VDI all use DUO or Microsoft MFA

Addresses

Multi-factor authentication

We engage with all organization employees and properly train them to identify ransomware, phishing and social engineering attacks coming from email, text message and web sites.

Recommendations

End-user training software with at least bi-weekly phish testing and real-time micro learning

Addresses

Employee security awareness training and phish testing

All organization IT systems and devices that contain PII or sensitive company information are encrypted to protect against loss or left.

Recommendations

Bitlocker AES 256 encryption managed by Azure Active Directory

Addresses

Workstation and server encryption

#3 Compliance

compliance

Answer the questions below

CyberScore

We apply regular server and workstation security patches and updates across our technology infrastructure.

Recommendations

Weekly Windows and Mac OS updates are applied using an automated patching system

Addresses

Endpoint security patching

We have a properly segmented corporate network (meaning workstations, servers, phones and guests are kept in separate logical networks).

Recommendations

VLAN segmentation and proper access control is in place to prevent unauthorized access between networks

Addresses

Network segmentation using VLANs

We perform a regular network vulnerability scan and have archived all historical scan data for reporting and compliance purposes.

Recommendations

Ongoing Rapidfire Tools Cyberhawk network scans with a minimum of quarterly Network Detective scans.

Addresses

Regular network vulnerability scans

We have a written information security policy (WISP) that has been agreed to by all employees.

Recommendations

Centrally documented WISP that includes User Termination, Incident Response, Sanction, Network Security, Access Control, Computer Use, Equipment Disposal, BYOD and Facility Security policies.

Addresses

Written Information Security Policy

We are meeting all state and federal compliance requirements such as HIPAA, PCI DSS, FINRA and the New York SHIELD Act and we are confident we would pass an audit.

Recommendations

Depending upon specific vertical. Nearly every NJ business will have some level of NY SHIELD compliance requirements.

Addresses

Regulatory compliance audits

#4 Backup & Disaster Recovery

Answer the questions below

CyberScore

We proactively monitor our server and cloud infrastructure for failures and performance issues so that business affecting problems can be prevented.

Recommendations

Service and network monitoring with real-time alerting and paging – responsible parties respond and remediate

Addresses

Network and infrastructure monitoring and pro-active remediation

We regularly review our backup strategy, and we adhere to a documented process for backup frequency, retention and location.

Recommendations

Centrally documented backup and RPO (recovery point objective) document agreed to by all relevant parties

Addresses

Documented backup and recovery point objective

We perform regular backup recovery testing, and we have a clear time objective for restoring critical systems and data.

Recommendations

At least quarterly recovery testing performed and logged of file, server and environment

Addresses

Documented recovery time objective determined by regular backup recovery testing and logging

Along with our management team, we understand how our technology infrastructure supports our key business processes and we have calculated our costs of technology infrastructure downtime.

Recommendations

Cost of user, department, location and company downtime calculated, documented and known so it can be utilized when making IT related decisions

Addresses

Understanding costs of downtime for a user, department and company-wide

We have a well-defined disaster response team with clearly defined roles, responsibilities and communication protocols.

Recommendations

1 or more persons with specific roles and processes in place to manage and/or perform data recovery and end-user access restoration

Addresses

Disaster response roles, responsibilities and execution

#5 Business Strategy

business strategy

Answer the questions below

CyberScore

The organization's management team views technology as an investment, not a cost and they agree to implement best practices when recommended by the IT team.

Recommendations

Technology is seen as a functional area of the business and ownership/leadership understands the importance of investing in proper technology

Addresses

Understanding that technology is a functional area of a business that should drive higher efficiency and profitability

We perform a regular technical alignment assessment to identify areas of our technology infrastructure that do not meet best practices.

Recommendations

Utilizing a set of best practices and standards, a GAP analysis is performed quarterly or bi-annually.

Addresses

Regular consistent GAP analysis

We meet regularly as a team to assess risk, discuss strategy and perform IT budget planning for our organization.

Recommendations

Ownership/Leadership meets with IT personnel quarterly or bi-annually to discuss GAPs and identify areas in need of improvement. These are logged into a proper organization budget.

Addresses

True vCIO - business focused meetings meant to direct technology toward achieving business goals

We have a clear process for making IT related decisions in our organization, a project plan is agreed upon before implementation and communication within our organization is clear and consistent.

Recommendations

IT projects are reviewed and understood by management. All IT projects are performed only when a proper project plan is created, approved and followed by IT personnel.

Addresses

IT Project Management

We consistently bring advances in technology to the attention of our management team, which increase employee productivity and gives us an edge over our competitors.

Recommendations

IT personnel are aware of new technology advancements that could help the business increase productivity and profitability. These ideas are discussed at regular strategy meetings.

Addresses

Technology awareness and discussion of advancements

#6 Cloud

section image

Answer the questions below

CyberScore

We utilize a secure cloud-based email solution like Microsoft 365 or Google Workspace.

Recommendations

Office 365 or Google Workspace email

Addresses

Cloud Email

Our cloud services are configured according to service provider recommended best practices.

Recommendations

Follow CORE Networks Office 365 Cloud best practices (or applicable vendor)

Addresses

Best practices for cloud services

Our cloud-based email and file services are configured with data loss prevention policies and alerting to prevent data breaches.

Recommendations

Microsoft 365 DLP policies for Email and OneDrive/Sharepoint – Alerts are sent to responsible parties

Addresses

Data loss prevention policies

All users are provided with training on applicable cloud services and are required to understand and agree to a written company Cloud Usage and Security Policy.

Recommendations

Written Cloud Usage Policies as part of Written Information Security Policy

Addresses

Cloud usage policies for users

We utilize a security information and event management (SIEM) system that monitors and alerts on our network, cloud services and critical data systems.

Recommendations

Perch or other real-time Intrusion Detection System with 24/7/365 Security Operations

Addresses

Security Information and Event Management (SIEM)

Company contact info

Infrastructure

Fill in your contact details

CyberScore

Thank you

Thank you

Thanks

CyberScore
working on your request

Please wait

company logo
Total score

Score grade

% score