Self Assessment - Cybersecurity Service Providers Connect Programme

Welcome! This diagnostic is the first step toward strengthening your organisation's cybersecurity posture

It is designed to help you identify potential vulnerabilities and assess your current risk level. Upon completion, you will receive a personalised report outlining our findings and recommending specific service categories to address the most critical areas.

The assessment will take approximately 5 minutes. Please provide honest and accurate answers to ensure the report is useful.

Before you begin, please review and confirm the following:

I agree that the test results are for reference purpose only. Approval of application and disbursement of grant will depend on details of each individual case.

I understand that all collected data will be used solely for one-time eligibility check. The collected data will not be shared with any third party.

Q.1

What is your existing cybersecurity status?

Under Cyber Attack

Normal

Q.2

Does your organisation have a security policy?

My organisation does not have a security policy

My organisation has a security policy

Q.2-1

If your organisation has a security policy, which of the below is/are true?
(Multiple Select)

The security policy can be easily accessed by staff

Staff needed to acknowledge the security policy when they onboard

Staff needed to re-acknowledge the security policy regularly

Q.3

Does your organisation have any endpoint protection software installed?

My organisation does not have any endpoint protection software installed

My organisation has endpoint protection software installed

Q.3-1

If your organisation has endpoint protection software installed, which of the below is/are true?
(Multiple Select)

IT staff regularly check the update status of endpoint protection software

Security patches for endpoint computer operating system are updated regularly

Accounts used by user on endpoints are non-privileged

Proxy server(s) is setup to filter malicious URL during web browsing

Q.4

Does your organisation have a firewall to protect organisation network?

My organisation does not have a firewall to protect organisation network

My organisation has a firewall to protect organisation network

Q.4-1

If your organisation has a firewall, which of the below is/are true?
(Multiple Select)

Firewall(s) has a default 'DENY' rule

Firewall(s) does not allow ANY from internal network to access Internet

Firewall(s) does not allow remote access

Firewall rules are reviewed regularly

Q.5

Does your organisation have the security guidelines and practices for mission critical systems?
(Multiple Select)

My organisation has server password policy that passwords needed to meet minimum length and complexity requirement

My organisation has security guideline for servers that enable security features and disable unused services

My organisation has a process that update system patches regularly & timely

Sensitive information is not stored in Internet facing servers

Sensitive information is masked or encrypted when stored

Periodical penetration test(s) is performed regularly by professional parties on mission critical systems

Q.6

Does your organisation setup mechanism to monitor and detect suspicious activities in information systems?
(Multiple Select)

Logging is enabled in my organisation's firewall(s) and servers

Logs are collected in a centralized log server

Logs are periodically reviewed by IT staff

Mechanisms are setup to notify IT staff if something abnormal is detected

Network traffic pattern is included in monitoring

Q.7

Does your organisation have incident response plans (including backup plan)?

My organisation does not have any incident response plans

My organisation has incident response plans that handle different kind of incidents

Q.7-1

If your organisation has incident response plans, which of the below is/are true?
(Multiple Select)

My organisation has backup plan for systems and data

Backup data is kept offline

Drills are done on restore plan regularly to make sure backups are restorable

Q.8

Does your organisation have security awareness activity for staff?

My organisation does not have any security awareness activity for staff

My organisation has periodical security awareness training for staff