IronSphere Survey
| How do you STATUS AUDIT your legacy infrastructure? | ||
|---|---|---|
| A 3rd party product. | ||
| The system produced reports. | ||
| 3rd party annual assessment. | ||
| We do not perform Status Audit. | ||
| How frequently do you STATUS AUDIT your legacy? | ||
|---|---|---|
| Every day | ||
| Once a week | ||
| Once a month | ||
| Once a year | ||
| Does this frequency align with the applied laws and regulations? | ||
|---|---|---|
| Yes, our business performs in a regulated market. | ||
| Yes, our business does not perform in a regulated market. | ||
| No, but our business performs in a regulated market. | ||
| No. we are not performing in a regulated market. | ||
| If a 3rd party tool is used, which one is it? | ||
|---|---|---|
| IBM zSecure | ||
| Vanguard | ||
| CA Auditor | ||
| Other | ||
| What are the monthly hours invested in STATUS AUDIT? | ||
|---|---|---|
| 1-10 hours | ||
| 11-30 hours | ||
| 31-60 hours | ||
| More than 60 hours. | ||
| How readable are the reports you use? | ||
|---|---|---|
| Contains just what I need to identify the risk | ||
| Too much information, need to separate the wheat from the chaff | ||
| if no finding, still need to read the report | ||
| Do you enforce security framework? | ||
|---|---|---|
| Yes, we use NIST SP 800 | ||
| Yes, we use ISO 27000 | ||
| Yes, CIS benchmarks | ||
| your organization sector | ||
|---|---|---|
| Finance | ||
| Manufacturing | ||
| Government and public sector | ||
| other | ||
| Have you heard of ISCM concept (Information Security contiguous Monitoring)? | ||
|---|---|---|
| No | ||
| Yes, but not used it | ||
| Yes, we use it. | ||