Cyber Risk Self-Assessment Tool - Australia

1 - How much personal identifiable information (PII) does your organisation process?

2 - How much health-related information does your organisation process?

3 - Does your organisation process credit card details?

4 - How many personal banking details does your organisation process?

5 - Does your organisation provide online information and communication technology (ICT) services to third parties (for example, hosting, housing, cloud services, and dedicated online services)?

6 - Does your organisation sell products or services through e-commerce websites?

7 - Have you calculated the financial impact caused by a network/IT interruption to your organisation?

8 - Has the risk of cyber-violation concerning your intellectual property been assessed?

9 - Do you deem that the reputation of your organisation could be damaged by a data breach?

10 - Does your organisation have a complete set of information security policies that is periodically updated and communicated to all employees?

11 - Do you deem that the contractual obligations your organisation have with third-parties could be breached in the event of data breach or IT network outage?

Cyber Risk Self-Assessment Tool - Australia

12 - Do you deem that a hacker could commit a cyber-fraud affecting your organisation or your customers?

13 - Have you investigated potential cyber risks that may cause material damages to your production factories, warehouses, office sites, other physical assets, people, environment, and neighbours?

14 - Does your organisation rely on third parties for IT services?

15 - Are you aware of an independent privacy and data protection compliance audit being performed in your organisation in the last 12 months?

16 - Are you aware of any vulnerability assessment and penetration tests being performed in your organisation in the last 12 months?

17 - Does your organisation have an information security officer?

18 - Does your organisation have an incident and crisis management policy addressing cyber attacks and data breaches?

19 - Is your network periodically audited by third parties to assure the proper design and implementation of state-of-the-art security technologies (for example, firewall, antivirus, IDS, IPS, IAM, SIEM)?

20 - Are your IT service providers periodically audited by your organisation to review their security policies (for example, disaster recovery, back-up, network security)?

21 - Does your organisation have a disaster recovery plan addressing IT services, based on sound data back-up policies?

Cyber Risk Self-Assessment Tool - Australia

22 - Does your organisation also operate in the USA?

23 - Have you estimated the maximum financial loss that your organisation could suffer in the event of a cyber attack/data breach (total of first-party and third-party losses)?

24 - Do you ever share PII data with third-party organisations?

25 - Are all third-party organisations with whom you share personal data required to indemnify you under contract for their unauthorised disclosure of such personal data?

26 - Do you provide awareness training for employees on privacy and security, including on issues of legal liability and social engineering?

27 - Are you aware of an information classification policy in your organisation, including the encryption of sensitive data?

28 - Is your organisation always in physical possession of at least one updated copy of all business data?

29 - Are your websites designed to register user-generated information (for example, email, location, and address)?

30 - Is your organisation managing websites, social networks, and mobile apps in compliance with a suitable data protection policy?

31 - In the last 12 months, have you performed a cyber risk assessment to identify all relevant cyber risks to your business?