Zero Trust Quick Scan

1. Zero Trust Strategy and Planning

This question is to determine whether there is an official strategy and plan in place to set up, implement and run a Cybersecurity strategy (based on Zero Trust) and the accompanying technology, to preemptively reduce risks and improve security.

Select the statement. Within our companyโ€ฆ

Current state

Desired state

We donโ€™t have a security strategy; we live from day to day.

๐Ÿ”˜

๐Ÿ”˜

We have an informal strategy and planning in place, with a limited amount of in-house expertise.

๐Ÿ”˜

๐Ÿ”˜

We have a formal strategy and information security plan in place which is signed off by management. This strategic plan is in line with business objectives and supported by risk and internal audit (3LoD). Dedicated resources on security are allocated.

๐Ÿ”˜

๐Ÿ”˜

The strategy is maintained (periodically drafted, re-prioritized and signed off) and reported upon towards boards and stakeholders

๐Ÿ”˜

๐Ÿ”˜

We have a security strategy with metrics on (technology) performance of the plans and continuous improvement plans are part of the cycle.

๐Ÿ”˜

๐Ÿ”˜