Information Security Survey

How sound are your organization’s access controls?

Access control is the ability to permit or deny a user access to information, systems or resources. Proper use of access control allows an organization to effectively manage, track and audit disclosure of information.

Take the following survey to assess your organization’s current access control efforts:

  1. Proactive communication exists between management and our organization’s IT function regarding definitions of sensitive data and accessibility of that data. Yes No Somewhat
  2. Our organization’s data is properly classified as confidential, private, financial, etc., and there is a common understanding of these classifications.. Yes No Somewhat
  3. Access to our organization’s data is proactively managed based on the principle of “least privilege” – users can only access what they absolutely need to access in order to perform their job function. Yes No Somewhat
  4. Clearly defined access control processes and procedures exist in our organization. Yes No Somewhat
  5. Sound user authentication systems exist in our organization. Yes No Somewhat
  6. A security governance model exists in our organization. Yes No Somewhat
  7. Our organization conducts an annual risk assessment of its information security program. Yes No Somewhat