Cybersecurity Readiness Assessment

50-Point Security Evaluation Framework

How to Use This Assessment: Review each item and check the box if your organization meets the criteria. Each checked item is worth 2 points. Total your score at the end to determine your security posture rating.

Score        Rating
0-40         Critical Risk
41-60        Needs Improvement
61-80        Good Standing
81-100       Excellent

Assessment Categories

1. Access Control & Identity Management   __/20
[ ] Multi-Factor Authentication (MFA) (HIGH): MFA is enforced for all user accounts, especially admin and privileged access
[ ] Password Policy (HIGH): Strong password requirements: 12+ characters, complexity rules, no password reuse
[ ] Privileged Access Management (HIGH): Admin accounts are limited, monitored, and require additional authentication
[ ] Access Reviews (MEDIUM): Regular reviews of user access rights (at least quarterly)
[ ] Offboarding Process (HIGH): Immediate access revocation when employees leave the organization
[ ] Single Sign-On (SSO) (MEDIUM): Centralized authentication for all business applications
[ ] Service Account Management (MEDIUM): Service accounts are inventoried, use strong credentials, and have limited permissions
[ ] Least Privilege Principle (HIGH): Users only have access to resources required for their job function
[ ] Guest/Contractor Access (MEDIUM): Temporary access is time-limited and uses separate credentials
[ ] Zero Trust Architecture (LOW): Network access requires continuous verification regardless of location
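
The Password Policy item above lists three concrete criteria (12+ characters, complexity rules, no reuse). The following validator is an added example, not part of this assessment or any product it references; it shows how those criteria can be enforced at password-change time. The complexity threshold (three of four character classes), the history depth of five, and the PBKDF2 iteration count are assumptions chosen for the example, and reuse is detected against salted hashes so the history never stores plaintext.

```python
"""Password-policy validator for the checklist item
'12+ characters, complexity rules, no password reuse'.
Added example; not part of the assessment document."""
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12      # from the checklist item
HISTORY_SIZE = 5     # assumed: number of previous passwords remembered
PBKDF2_ROUNDS = 200_000  # assumed iteration count for the history hashes


def complexity_classes(password: str) -> int:
    """Count the character classes present: lower, upper, digit, symbol."""
    checks = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return sum(checks)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest used only for the reuse check."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Keeps salted hashes of a user's previous passwords so reuse can be
    detected without retaining the plaintext."""

    def __init__(self, size: int = HISTORY_SIZE):
        self.size = size
        self.entries = []  # list of (salt, digest) pairs, oldest first

    def was_used(self, password: str) -> bool:
        # Constant-time comparison against every remembered digest.
        return any(
            hmac.compare_digest(hash_password(password, salt), digest)
            for salt, digest in self.entries
        )

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, hash_password(password, salt)))
        self.entries = self.entries[-self.size:]  # drop the oldest beyond size


def check_password(password: str, history: PasswordHistory,
                   min_classes: int = 3) -> list:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if complexity_classes(password) < min_classes:
        problems.append(f"fewer than {min_classes} character classes")
    if history.was_used(password):
        problems.append("matches a previously used password")
    return problems


if __name__ == "__main__":
    # Constructed sample run: a user changes their password twice.
    hist = PasswordHistory()
    for candidate in ("short1A!", "Correct-Horse-Battery-9", "Correct-Horse-Battery-9"):
        result = check_password(candidate, hist)
        print(f"{candidate!r}: {'OK' if not result else '; '.join(result)}")
        if not result:
            hist.record(candidate)
```

The validator returns every violation rather than stopping at the first, which is what a change-password form needs in order to explain the rejection to the user. Rotation of the history list caps storage at the last five entries, matching the assumed history depth.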

2. Network Security   __/20
[ ] Firewall Protection (HIGH): Next-generation firewalls deployed at network perimeter with active threat prevention
[ ] Network Segmentation (HIGH): Critical systems isolated in separate network segments/VLANs
[ ] Intrusion Detection/Prevention (HIGH): IDS/IPS systems actively monitoring network traffic for threats
[ ] VPN for Remote Access (HIGH): All remote connections use encrypted VPN tunnels
[ ] Wireless Security (MEDIUM): WPA3 encryption, separate guest networks, hidden SSIDs where appropriate
[ ] DNS Security (MEDIUM): DNS filtering to block malicious domains and phishing sites
[ ] Traffic Monitoring (MEDIUM): Network traffic analyzed for anomalies and suspicious patterns
[ ] DDoS Protection (MEDIUM): Mitigation solutions in place for distributed denial of service attacks
[ ] Email Security Gateway (HIGH): Advanced email filtering for spam, phishing, and malware
[ ] Web Application Firewall (MEDIUM): WAF protecting public-facing web applications

3. Endpoint Security   __/20
[ ] Endpoint Detection & Response (EDR) (HIGH): Advanced endpoint protection beyond traditional antivirus
[ ] Patch Management (HIGH): Automated patching with critical updates applied within 72 hours
[ ] Device Encryption (HIGH): Full disk encryption on all laptops and mobile devices
[ ] Mobile Device Management (MEDIUM): MDM solution for corporate and BYOD devices
[ ] Application Whitelisting (MEDIUM): Only approved applications can run on endpoints
[ ] USB/Removable Media Controls (MEDIUM): Policies restricting use of USB drives and external storage
[ ] Browser Security (MEDIUM): Managed browser settings, extension controls, safe browsing enforced
[ ] Host-based Firewall (MEDIUM): Local firewalls enabled and configured on all endpoints
[ ] Asset Inventory (HIGH): Complete inventory of all hardware and software assets
[ ] Vulnerability Scanning (HIGH): Regular vulnerability scans with remediation tracking

4. Data Protection   __/20
[ ] Data Classification (HIGH): Data classified by sensitivity with appropriate handling procedures
[ ] Encryption at Rest (HIGH): Sensitive data encrypted in databases and file storage
[ ] Encryption in Transit (HIGH): TLS 1.2+ for all data transmissions
[ ] Data Loss Prevention (MEDIUM): DLP tools preventing unauthorized data exfiltration
[ ] Backup & Recovery (HIGH): Regular backups with tested recovery procedures (3-2-1 rule)
[ ] Backup Encryption (HIGH): All backups encrypted with keys stored separately
[ ] Data Retention Policy (MEDIUM): Defined retention periods with secure deletion procedures
[ ] Cloud Data Security (HIGH): Cloud storage properly configured with access controls
[ ] Database Security (HIGH): Database access restricted, activity logged, and regularly audited
[ ] Privacy Compliance (MEDIUM): GDPR/CCPA/HIPAA requirements implemented as applicable

5. Security Operations   __/20
[ ] Security Awareness Training (HIGH): Regular security training for all employees (at least annually)
[ ] Phishing Simulations (MEDIUM): Regular phishing tests with follow-up training for failures
[ ] Incident Response Plan (HIGH): Documented IR plan with defined roles and procedures
[ ] IR Plan Testing (MEDIUM): Tabletop exercises or simulations conducted at least annually
[ ] SIEM/Log Management (MEDIUM): Centralized logging with alerting for security events
[ ] 24/7 Monitoring (MEDIUM): Continuous security monitoring (internal or SOC service)
[ ] Penetration Testing (HIGH): Annual penetration tests by qualified third party
[ ] Vendor Risk Management (MEDIUM): Third-party vendors assessed for security posture
[ ] Business Continuity Plan (HIGH): BCP/DR plans documented and tested regularly
[ ] Security Metrics (LOW): Key security metrics tracked and reported to leadership

Score Summary

Category                                   Your Score   Max Score
1. Access Control & Identity Management    __           20
2. Network Security                        __           20
3. Endpoint Security                       __           20
4. Data Protection                         __           20
5. Security Operations                     __           20
Total                                      __           100

Total: __ out of 100 points

Priority Recommendations

Based on your assessment, focus first on any unchecked items marked as HIGH priority. These represent the most critical security gaps that should be addressed immediately.