ZERO TRUST READINESS

Zero Trust Strategy and Planning

This question determines whether an official strategy and plan are in place to set up, implement and run a cybersecurity strategy (based on Zero Trust) and the accompanying technology, in order to preemptively reduce risks and improve security.
Which statement best reflects your current and desired maturity? Within our company...
CURRENT STATE

Select one of the five statements below

DESIRED STATE

Select one of the five statements below

we don't have a security strategy; we live from day to day.
we have an informal strategy and planning in place, with a limited amount of in-house expertise.
we have a formal strategy and information security plan which is signed off by management. This plan is in line with business objectives and supported by risk and internal audit (3LoD). Dedicated resources on security are allocated.
the strategy is maintained (periodically drafted, re-prioritized and signed off) and reported to boards and stakeholders.
we have a security strategy with metrics on (technology). Performance of the plans and continuous improvement plans are part of the cycle.