Audit Checklist
Our Audit Checklist is divided into ten categories:
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy
- Supply Chain Risk Management
- Identity, Access, and Authentication
- Awareness and Training
- Data Security
- Processes and Procedures
Each category is composed of multiple items in the form of questions. Each question describes a scenario and is mapped to a compliance standard, law, regulation, or framework so that the practice it asks about can be traced to a formal requirement. Marking questions as completed brings you closer to earning a compliance badge.
Assessments
Our Assessment Checklist is divided into nine categories:
- Organizational and Management Practices
- Personnel Practices
- Physical Security
- Data Security Practices
- Information Integrity Practices
- Software Integrity Practices
- Personal Computer Security Practices
- Network Protection Practices
- Incident Response Practices
Each category is composed of multiple items in the form of factors. For each factor you enter the Probability (0 to 5) and Impact (1 to 6) of an event, and the matrix below gives you a Risk Level (qualitative: Low, Moderate, or High) and a Risk Score (quantitative, numeric value).

| Probability \ Impact | Negligible (1) | Minor (2) | Moderate (3) | Significant (4) | Severe (5) | Extreme (6) |
|---|---|---|---|---|---|---|
| Very Likely (5) | Low | Moderate | High | High | High | High |
| Likely (4) | Low | Moderate | Moderate | High | High | High |
| Possible (3) | Low | Low | Moderate | Moderate | High | High |
| Unlikely (2) | Low | Low | Moderate | Moderate | Moderate | High |
| Very Unlikely (1) | Low | Low | Low | Moderate | Moderate | Moderate |

NA (0): no risk to the organization, regardless of impact.
Compliance
This page shows how far you are from being compliant. The percentage is based on the checklist items you have implemented or achieved in your organization. It is a self-assessment, not a certification: consult professionals if you want, or are required, to be validated by an independent auditor.
Once you reach 100%, a compliance badge becomes available under the "Badges" page for you to download and show your clients.
ROI (Return on Investment)
Calculate your Return on Investment based on how much your cybersecurity team saves the organization. In a nutshell, the team reduces the likelihood and impact of breaches and ransomware, and the avoided losses are the return.
Estimate how much the company would lose without the team and use the numbers in your next report.
Risk Register
A risk register allows you to track each identified risk together with the information needed to manage it.
You and your team will track all scenarios that could affect your business. Each entry has the following fields:
- ID: Unique identifier for the risk.
- Category: There are many risk categories; common ones are Operational, Budget, Schedule, Technical, Business, Pragmatic, Information Security, Supplier, and Infrastructure.
- Description: Best written as "There is a risk that ..., because of ...; if this occurs, it will ...".
- Consequences: Description of the impact if the risk occurs.
- Probability: How likely it is that the risk will occur. A numeric value from 1 (Very Unlikely) to 5 (Very Likely), matching the assessment matrix; 0 means not applicable.
- Impact: How bad it would be for the organization. A numeric value from 1 (Negligible) to 6 (Extreme), matching the assessment matrix.
- Risk Level: Combined probability and impact, read from the matrix (qualitative: Low, Moderate, or High).
- Risk Modification Plan: Actions that reduce the likelihood or impact of the risk (mitigation), or a decision to accept the risk or transfer it (e.g., cyber insurance).
- Risk Owner: The person responsible for managing the risk.
- Residual Risk Level: The risk that remains after the planned controls are accounted for; it should not be higher than the original level.
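As an added example (not code from the page or the product), the following Python encodes the assessment matrix from the Assessments section and the register fields listed above, so that entries can be scored, ranked and sanity-checked. The field names, the use of probability times impact as the numeric Risk Score (the page does not define the score formula) and the sample register entries are assumptions constructed for illustration.

```python
"""Risk register entries scored with the probability/impact matrix above.
Added example; field names, score formula and sample data are assumptions."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

PROBABILITY = {0: "NA", 1: "Very Unlikely", 2: "Unlikely", 3: "Possible",
               4: "Likely", 5: "Very Likely"}
IMPACT = {1: "Negligible", 2: "Minor", 3: "Moderate", 4: "Significant",
          5: "Severe", 6: "Extreme"}

LOW, MOD, HIGH = "Low", "Moderate", "High"
# Rows keyed by probability (5 down to 1); columns are impact 1..6, left to right.
# Transcribed from the matrix on this page. Note it is not a product threshold:
# Possible x Minor (3x2) is Low while Unlikely x Moderate (2x3) is Moderate.
MATRIX = {
    5: (LOW, MOD, HIGH, HIGH, HIGH, HIGH),
    4: (LOW, MOD, MOD, HIGH, HIGH, HIGH),
    3: (LOW, LOW, MOD, MOD, HIGH, HIGH),
    2: (LOW, LOW, MOD, MOD, MOD, HIGH),
    1: (LOW, LOW, LOW, MOD, MOD, MOD),
}


def risk_level(probability: int, impact: int) -> str:
    """Qualitative level from the matrix; probability 0 (NA) means no risk."""
    if impact not in IMPACT:
        raise ValueError(f"impact must be 1..6, got {impact}")
    if probability == 0:
        return "No risk"
    if probability not in MATRIX:
        raise ValueError(f"probability must be 0..5, got {probability}")
    return MATRIX[probability][impact - 1]


def risk_score(probability: int, impact: int) -> int:
    """Quantitative score. Assumption: probability * impact, so entries can be ranked."""
    risk_level(probability, impact)  # reuse the range checks
    return probability * impact


@dataclass
class Risk:
    risk_id: str
    category: str
    description: str  # "There is a risk that ..., because of ...; if this occurs, it will ..."
    consequences: str
    probability: int  # 0..5
    impact: int       # 1..6
    owner: str
    modification_plan: str = ""
    residual_probability: Optional[int] = None  # after controls; None = unchanged
    residual_impact: Optional[int] = None

    @property
    def level(self) -> str:
        return risk_level(self.probability, self.impact)

    @property
    def score(self) -> int:
        return risk_score(self.probability, self.impact)

    def _residual(self) -> Tuple[int, int]:
        p = self.probability if self.residual_probability is None else self.residual_probability
        i = self.impact if self.residual_impact is None else self.residual_impact
        return p, i

    @property
    def residual_level(self) -> str:
        return risk_level(*self._residual())

    @property
    def residual_score(self) -> int:
        return risk_score(*self._residual())


def check_residual(risk: Risk) -> List[str]:
    """Reviewer sanity checks: controls must not raise the risk, and a claimed
    reduction needs a modification plan to back it up."""
    problems = []
    if risk.residual_score > risk.score:
        problems.append(f"{risk.risk_id}: residual score exceeds inherent score")
    if risk.residual_score < risk.score and not risk.modification_plan:
        problems.append(f"{risk.risk_id}: residual reduction without a modification plan")
    return problems


def prioritised(register: List[Risk]) -> List[Risk]:
    """Highest inherent score first; ties broken by ID for a stable report."""
    return sorted(register, key=lambda r: (-r.score, r.risk_id))


# Constructed sample register (illustrative, not real data).
REGISTER = [
    Risk("R-001", "Information Security",
         "There is a risk that a user is phished, because of weak email filtering; "
         "if this occurs, it will let ransomware encrypt the file servers.",
         "Multi-day outage, recovery costs, possible data leak",
         probability=4, impact=5, owner="CISO",
         modification_plan="Phishing-resistant MFA, offline backups, restore drills",
         residual_probability=2, residual_impact=3),
    Risk("R-002", "Supplier",
         "There is a risk that a SaaS supplier has an outage, because of single-region "
         "hosting; if this occurs, it will delay customer invoicing.",
         "Cash-flow delay of up to one week", probability=3, impact=2, owner="CFO"),
    Risk("R-003", "Infrastructure",
         "There is a risk that the legacy VPN is exploited, because of unpatched firmware; "
         "if this occurs, it will expose the internal network.",
         "Lateral movement, regulatory reporting", probability=0, impact=6,
         owner="IT Manager", modification_plan="Appliance decommissioned"),
]

if __name__ == "__main__":
    for r in prioritised(REGISTER):
        print(f"{r.risk_id} {r.level:8} score={r.score:2} "
              f"residual={r.residual_level} ({r.residual_score})")
    for r in REGISTER:
        for problem in check_residual(r):
            print("WARN", problem)
```

Running the block prints the register ranked by inherent score (R-001 High/20, R-002 Low/6, R-003 no risk/0) and warns about any entry whose residual risk is inconsistent with its plan. The matrix is stored as explicit rows rather than derived from a product so that the levels match the page exactly; the product is used only for the numeric score, which the page leaves undefined.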