22 Questions That Can Help Protect Your Business

This quiz is intended as an educational and diagnostic tool to help you start thinking about security as it pertains to your small business. The correct answers and the number of points awarded are noted in parentheses after the choice.


General Knowledge

1. What is a firewall?

A method of protecting a computer network against unauthorized access from the Internet (1 point)
A solid brick enclosure around a server room

2. Why do software developers issue updates for their software?

Because they really enjoy staying in touch with their customers
Because thousands of attackers are constantly trying to find previously unknown vulnerabilities and the software companies want to protect users against these threats (1 point)

3. Which of the following are attacks a criminal hacker might use?

Spoofing
Tampering
Repudiation
Information disclosure
Denial of Service (DoS)
Elevation of privilege
All of the above (1 point)

4. Have you or your business suffered any of the following? (1 point each because now you're a veteran)

Computer theft
Unauthorized disclosure of information by staff or outsiders
Loss of critical data that wasn't backed up
Virus infection
Any kind of hacking or electronic intrusion


Plans, Policies, and People

1. Does someone on your staff oversee security issues?

Yes (1 point)
No

2. When did you last review and update your security policy?

Within the last three months (2 points)
Within the past year (1 point)
What's a security policy?

3. Is there a manager responsible for ensuring ongoing compliance with a security policy?

Yes (1 point)
No

4. Do you carry out regular audits of computer and software inventory?

Yes (1 point)
No

5. Does your company have up-to-date policies covering the following? (1 point each)

Strong passwords
Email and Internet use
Software piracy
Online purchasing
Theft

6. Do you teach employees how to spot and address email hoaxes?

No
Yes (1 point)


Physical Security

1. What physical security measures do you take to protect your desktop PCs? (1 point each)

General physical security, including good locks, alarms, and physical barriers
Visitor access control
PCs locked securely to desks
Serial numbers of components recorded
Computers not visible from the street on the ground floor
Monitors not facing windows from any floor

2. What physical security measures do you take to protect your servers? (1 point each)

Kept in a secure room
Access restricted to authorized personnel
Adequate fire protection
Serial numbers of components recorded
Backup power source
Kept in a locked rack with access restricted to only the subset of people who need access to the systems in that particular rack

3. What security measures do you take to protect your notebook computers? (1 point each)

Transported in padded but nondescript bags
Secured by a cable lock when unattended
Components security marked
Encrypted data on the notebook computer

4. What physical security measures do you take to protect software and backups? (1 point each)

Application master disks and license documents kept securely
Backups stored in a fireproof safe or in a secure offsite location

5. Do you have a maintenance contract for your computer equipment?

Yes (1 point)
No

6. When interviewing security or IT consultants and new staff members, it is a good idea to vet them (i.e., examine their background and qualifications). Do you vet your IT consultants and staff?

Yes (1 point)
No


Information Security

1. Have you ever opened a file in an email from someone you didn't know because it looked interesting?

Yes (-1 point)
No (1 point)

2. Which of the following defenses do you have operating on your business network? (1 point each)

Software updates installed as they become available
Virus definitions updated on a regular basis
Firewall installed and correctly configured
Centrally enforced strong password policy
Web browsing and email usage policy enforced
Secure connections for remote users
Secure wireless network
Regular backups

3. Do you regularly back up your data?

No
Yes (1 point)
Bonus point: and we test restoring the data periodically

4. Do you regularly test your backups by restoring them and verifying the restored data?

No
Yes (1 point)

5. Are you running the latest versions of Microsoft Internet Explorer and Microsoft Outlook?

No
Yes (1 point)

6. Do you use encryption on your wireless network?

No
Yes (1 point)


Results

Less than 10

Seriously consider studying security issues and putting together a plan (or hiring someone else to do so).

11 to 20

You know you need security, but you don't have the skills, time, or confidence to do something about it. You are at serious risk, and you need to take steps to protect your business.

21 to 30

You are like many people. You have good intentions and have taken some measures but are mostly just hoping that something bad won't happen to you. There are steps you can take now that will transform your security from "barely adequate" to "good enough."

31 to 40

You're doing pretty well. Look through this guide and see if there's anything you've missed. There may be a few tricks you've overlooked and some risks you haven't considered.

41 to 50

You've done a great job. It's probably worth scanning this guide to see if there's anything you've overlooked. Don't forget about the need to keep reviewing your security and updating your plans.

Over 50 points

You could probably write a guide of your own.
