InfoSec and Cybersecurity Plan

InfoSec Plan Assessment
Business Information
In this section you tell us your business and contact information so you can receive your customized free InfoSec Plan.

Business name*


Contact name*


Phone number*


Email address*

Business Assessment

Type of business. In a few words, what is your business?*


Industry*


Are you customer facing, or vendor to other businesses?*


Who do you use for payment processing?


Do you store any personally identifiable information?*


Do you have any regulatory information security requirements?*


What regulatory requirements are you required to comply with? Select/list all that apply.*


Where is your infrastructure hosted?*


Data center/cloud vendor(s)


In general terms, what are the most important assets (physical and digital) that you need to protect?

Asset Assessment
In this section we will look in detail at your resources to establish a baseline for your risk assessment. For the purposes of this assessment, "essential" elements are those you cannot operate without. When asked to create or have an inventory/list offline, please make sure you have it ready for your own internal use.

List your essential assets. Separate them with a comma. You will also need an inventory of all other assets created offline.*


List your essential tools. Separate them with a comma. You will also need an inventory of all other tools created offline.*


List your essential devices. Separate them with a comma. You will also need an inventory of all other devices created offline.*


List your essential systems. Separate them with a comma. You will also need an inventory of all other systems created offline.*


List your essential information/acquired data. Separate them with a comma. You will also need an inventory of all other information/acquired data created offline.

Risk Assessment
In this section we will guide you through a self-assessment of your assumed and known risks. There may be other risks you are not aware of. Those may be general, or specific to your industry. When asked to create or have an inventory/list offline, please make sure you have it ready for your own internal use.

What are the perceived most likely risks that your business could face? Please list all you can think of within your answer.*


Do you have a list of your internal processes and data workflows documented? You will need this list for your internal use.*


Do you have a prioritized list of the mission, objectives, and activities to perform when your organization finds itself unable to operate digitally? You will need this list for your internal use.*

Do you have a prioritized list of resources (all items listed under the previous section) based on criticality and business value to continue operating the business? You will need this list for your internal use.*


Do you have a risk tolerance established and clearly expressed? This is a document stating how much your organization can be digitally incapacitated without interrupting business operations. You will need this document for your internal use.*

Preparedness Assessment
In this section we will assess your preparedness status. When asked to create/have an inventory/list offline, please make sure you have it ready for your own internal use.

Do you have a prepared list of the suppliers and third-party partners that make up your supply chain? You will need this list for your internal use.*

Do you have the documentation and/or best practices for protecting and securing your critical/essential elements identified in the Asset Assessment section? You will need this list for your internal use.*


Do you have a list of the roles and responsibilities of everyone involved in assessing, preparing, and implementing this InfoSec Plan? You will need this list for your internal use.*


Has a responsible party been identified for carrying out this InfoSec Plan?*


Provide the name of the person in charge of executing this InfoSec Plan.

Have you established how you will monitor and detect breaches of each of the critical items listed in the Asset Assessment? Each item will require its own individual plan of action, including a list of steps for corrective and palliative actions to take. Please prepare those plans offline for your internal use.*

Have you established a plan to train employees on breach prevention measures and on how to report breaches? Each employee may require their own individual training plan. Please prepare those plans offline for your internal use.*

How can we help you?

Would you like to discuss how BlueKatana can help you with your software needs?