[Identify]
This quiz begins with the IDENTIFY pillar of the NIST 800-171 Cybersecurity Framework. When was the last time an inventory of all WFH devices with access to your network was created or revised?
[Identify]
When was the last time you reviewed this report for accuracy?
[Identify]
When was the last time your team reviewed your organization's cybersecurity roles and responsibilities? How well do they fit your organization's mission and goals?
[Identify]
Since the pandemic began, has your expanded WFH environment been specifically assessed for cybersecurity risks?
[Identify]
When were your organization's cybersecurity policies last revised?
[Identify]
Have all employees signed this document?
[Identify]
Does your WFH workforce access any vendor, manufacturer, or partner portals directly from their WFH workstations without being required to use MFA?
[Protect]
Now our quiz will move to the PROTECT pillar of the NIST 800-171 Cybersecurity Framework. What type of authentication is required for WFH remote access to your company?
[Protect]
Have you created effective role-based login profiles so that remote users have access to only the tools they need?
[Protect]
What percentage of employees have been trained in cybersecurity focusing on potential threats specific to their WFH environment within the past 6 months?
[Protect]
How often are WFH employees tested for their 'cybersecurity awareness'?
[Protect]
Is a Recovery Point Objective defined for each important application/database in your company?
[Protect]
What checking mechanisms do you have to test the integrity and security of software, firmware, and information to ensure WFH workstations are not compromised?
[Protect]
How would you score your organization's readiness and preparedness for securely supporting your WFH workforce?
[Protect]
Are all devices connecting to corporate resources through a VPN connection corporate-owned?
[Protect]
How often are all such devices checked to ensure anti-virus, anti-malware, DNS protection, and other protective technologies are working properly?
[Detect]
Now our quiz will move to the DETECT pillar of the NIST 800-171 Cybersecurity Framework. What level of WFH threat detection does your organization use to detect potential cybersecurity events?
[Detect]
Are failed or risky remote-access attempts identified and reviewed regularly?
[Respond]
Now our quiz will move to the RESPOND pillar of the NIST 800-171 Cybersecurity Framework. In the event that a security breach or loss of data is identified on a WFH machine, is a written response plan in place to address remediation of the breach?
[Recover]
Now our quiz will move to the RECOVER pillar of the NIST 800-171 Cybersecurity Framework. If WFH users are utilizing Microsoft Office 365 or Microsoft 365, are all user documents and email protected daily using a third-party cloud-to-cloud backup and recovery system?
[Recover]
When was recovery of an Office 365 user environment last tested?