Security Maturity Assessment

Q1: Does your organization have a documented information security policy?

No formal policy exists Informal policy exists but not documented Documented policy exists but not regularly reviewed Documented and periodically reviewed policy Documented, reviewed, communicated, and enforced

Please select an option to continue.

Q2: How often does your organization perform risk assessments?

Never Only after major incidents Occasionally or ad-hoc Regularly, annually Continuous risk management integrated with business processes

Please select an option to continue.

Q3: How is user access to critical systems controlled?

No control; users have unrestricted access Basic user access control but no formal approval Access control with periodic reviews Role-based access control with regular audits Role-based + least privilege + automated provisioning/de-provisioning

Please select an option to continue.

Q4: Are multi-factor authentication (MFA) mechanisms implemented?

Not implemented Only for privileged accounts For most critical systems For all users and systems

Please select an option to continue.

Q5: Are network security controls (firewalls, IDS/IPS) implemented?

No controls Basic firewalls only Firewalls and some monitoring Firewalls, IDS/IPS, and network segmentation Comprehensive, monitored, and managed security infrastructure

Please select an option to continue.

Test Question

test option

Please select an option to continue.