Evaluate your Security

Have you ever wondered how preparing for gaps and incidents in your organization adds up to profits compared to organizations in the same market? Anonymously review the information from the following survey, and at the end you can compare your answers with those of other respondents.

Content Intelligence

The goal of content intelligence is to provide “data enrichment” capabilities and deliver additional context to security analysts. By leveraging technology to filter out noise and integrate data sources, the data reaching the analyst can be acted upon more efficiently and accurately.

1) Does your organization currently have a security-focused log aggregation and correlation solution in place, such as a SIEM, to provide centralized alerting of suspicious activity?

a) All security-relevant logs are centrally aggregated with automated alerting across all critical assets.

b) Some security-relevant logs are being aggregated with limited alerting. Not all critical assets are covered.

c) Minimal log aggregation occurs with little or no alerting.

d) No log aggregation, correlation or centralized alerting occurs today. Security team members work directly with individual assets when required to review security logs.

Analytic Intelligence

The ability to analyze threats and produce actionable intelligence through the use of forensics, reverse engineering and malware analysis capabilities is required in order to detect anomalies before harm is done to an organization.

1) Does your security organization currently have a malware analysis and/or a reverse engineering function?

a) Yes, a dedicated in-house team exists to perform these services.

b) Yes, we have contracted with an external third party for these services.

c) No, this does not currently exist.

Threat Intelligence

Proactively identifying an organization's likely adversaries and their techniques, tactics and attack vectors is necessary to rapidly identify and respond to attacks. This process of ingesting and synthesizing multiple sources of threat data to generate specific intelligence elevates an organization's ability to respond to security events during daily operations.

1) Does your security team review threat data to categorize and prioritize the data for use in daily operations?

a) A formal program exists for categorization with a central repository.

b) An informal program exists for categorization with limited or no central repository.

c) No formal program exists for categorization of threat data.

Incident Response

These programs consist of a comprehensive set of standard operating procedures for incident handling and response that are regularly tested and updated. Program components include documented procedures, areas of responsibility, standardized checklists, predefined incident severity levels and escalation processes.

1) How would you categorize your current incident response capability?

a) Defined and Proactive

b) Defined and Reactive

c) Ad-Hoc - Limited definition and capability

d) N/A - Function does not currently exist