Client security assessment brief

Thank you for considering Cyberprox as your trusted partner in IT security. We understand that every Company is unique, and we strive to provide exceptional IT security audit services tailored to your specific needs. To ensure we gather the necessary information for a comprehensive understanding of your current IT security landscape, we kindly request your cooperation in answering the following questionnaire.

Please note that we understand certain questions may not be applicable to your Company. In such cases, feel free to skip those questions and provide answers to the relevant ones. We value your time and want to ensure a smooth and efficient process.

Once you have completed the questionnaire, please send back the filled-in Brief. We appreciate your dedication in providing us with the necessary information, as it will enable us to propose the most effective and efficient services to enhance your Company’s cybersecurity defenses.

    Company Overview (required)

    Website(s):

    Existing Infrastructure

    Network Architecture:

    System Inventory (Please provide details for each)

    Software Inventory (Please provide details for each)

    Previous Security Incidents

    Business Continuity

    • Identity and Access Management

      User Identity Management

      Entitlements Management

      Access Controls

      Are there established password requirements in place within your Company?

      Are these password requirements documented in a formal standard?

      Are there any specific alphanumeric composition requirements for passwords?

      Is there a password history requirement?

      Is there an inactivity lockout in place?

      Is administrative access to systems that store client data required to be approved by authorized managers?

      Is pre-approval required for technology staff to gain access to production systems?

      Are access permissions time-bound?

      Is access to production environments subject to logging and periodic review?

      Are access permissions in production environments limited to necessary functions?

      Are changes made to production environments subject to mandatory reviews?

      Is multi-factor authentication (MFA) required for accessing systems from outside the Company's network?

    • Application and Software Security

      Centralized Inventory and Risk Classification

    • Infrastructure Security

      Configuration Management and Hardening

      Network Security

      Are there multiple network zones implemented in your network environment?

      Are Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) deployed at your network perimeter?

      Are the management interfaces on perimeter firewalls, routers, and other devices accessible from the Internet?

      Do you subscribe to continuous Distributed Denial of Service (DDoS) monitoring and mitigation services?

      Do you host your primary Internet web presence on Content Delivery Networks (CDNs) with DDoS mitigation and absorption capacity?

      Is request throttling in place that limits the number of requests and referrals originating from a single client IP address?

      Are alerts generated by DDoS activities monitored and mitigated as needed?

      Is wireless access to the Company's infrastructure only permitted from Company-approved devices?

    • System Monitoring, Capacity and Vulnerability Management

      Virtual Desktop Solution

      Secure Remote Access for Personnel

    • Mobile Security

    • Data Security

      Data Governance

      Encryption

      Data Security

      Physical security

    • Cloud Computing

      Vendor Management

      Do you have a comprehensive Companywide Vendor Management Policy and Program that outlines the risk-based framework for managing third-party vendor relationships?

      Does your vendor management process cover vendor selection, onboarding, performance monitoring, and risk management?

      Are vendors required to design, implement, and maintain information security controls consistent with your Company's security policies and standards?

      Do you conduct initial assessments of vendors who have access to your Company's information?

      How do you determine the breadth and frequency of re-certifications for vendors?

      How do you rank and address gaps found during due diligence assessments?

      Do you conduct ongoing oversight of vendors based on the criticality of their services to the Company and the results of the initial risk assessment?

      How do you handle changes in services provided by a particular vendor?

      Do you require vendors to sign standard contractual provisions before receiving sensitive information from the Company?

      Which dedicated teams in your Company are responsible for regular assessment and reporting on the security practices of vendors?
