1. Do you know exactly which IT assets your organisation has?

Introduce resource management mechanisms: https://standard-cyber.ppbw.pl/en/for-it-administrators/

2. Do users of the IT assets you administer have access to privileged accounts?

Limit user access to administrative accounts

3. Are the users of the IT assets you administer allowed to install software?

Block users from installing software: https://standard-cyber.ppbw.pl/en/for-it-administrators/

4. Are automatic startup and playback of external data carriers disabled on workstations in your organisation?

Disable automatic startup and playback of external media

5. Do you regularly update the software currently used in your organisation?

Keep firmware, operating systems and software up to date

6. Does your organisation have and use antivirus and anti-malware software?

Ensure antivirus and antimalware protection

7. Do you regularly monitor the log files and incidents concerning your systems?

Implement proper log and event monitoring: https://standard-cyber.ppbw.pl/en/for-it-administrators/

8. Is the use of mobile devices allowed in your organisation?

8.1 Has an appropriate policy been implemented for encrypting device drives and other storage media?

Configure disk encryption for each device and media covered by the encryption policy: https://standard-cyber.ppbw.pl/en/for-it-administrators/

8.2 Do you allow employees who work remotely to use a VPN?

8.3 Has an action policy been created and implemented for cases where equipment is stolen or lost?

Erase data from any lost or stolen device: https://standard-cyber.ppbw.pl/en/for-it-administrators/

9. Do you create backups as part of protecting valuable data?

Implement automated backup mechanisms: https://standard-cyber.ppbw.pl/en/for-it-administrators/

10. Are backups protected?

Protect the availability, confidentiality and integrity of your backups: https://standard-cyber.ppbw.pl/en/for-it-administrators/

11. Has your organisation adopted a procedure for destroying data carriers?

Make sure you do it correctly, and also read the document: https://standard-cyber.ppbw.pl/en/for-it-administrators/

12. Is there a procedure for destroying data carriers in place and implemented in your organisation?

Provide encryption for all network services and configure encryption accordingly: https://standard-cyber.ppbw.pl/en/for-it-administrators/

13. Does your organisation use a firewall?

Make sure you do it correctly, and also read the document: https://standard-cyber.ppbw.pl/en/for-it-administrators/
Restrict access to services from outside the internal network: https://standard-cyber.ppbw.pl/en/for-it-administrators/

14. Do you monitor the network of your organisation?

15. Have you considered centralising DNS and introducing DNS filtering?

16. Do you separate security domains?

Separate the different security domains: https://standard-cyber.ppbw.pl/en/for-it-administrators/

17. Do your organisation's employees use more than one information asset?

Consider implementing SSO (single sign-on): https://standard-cyber.ppbw.pl/en/for-it-administrators/

18. Is two-factor authentication implemented in your organisation?

Introduce two-factor authentication (2FA): https://standard-cyber.ppbw.pl/en/for-it-administrators/

19. Does your organisation use email to communicate?

19.1 Do you know who has access to email on the external hosting service and when?

Verify who accesses your email on the external hosting service, and when. Verify the maximum downtime the external service provider commits to: https://standard-cyber.ppbw.pl/en/for-it-administrators/

19.2 Do you back up your mail?

19.3 Do you encrypt messages?

19.4 Do you take steps to protect your e-mail server?

Implement solutions that make impersonation of your e-mail server more difficult. Make sure your server is not an open relay: https://standard-cyber.ppbw.pl/en/for-it-administrators/

19.5 Do you take steps to allow users to verify the sender of a message?

Implement solutions that let users verify the sender of a message: https://standard-cyber.ppbw.pl/en/for-it-administrators/

19.6 Are you aware of how much downtime your contract with the third-party hosting provider allows?

Verify the maximum downtime commitment from your third-party service provider: https://standard-cyber.ppbw.pl/en/for-it-administrators/