
Tech Capability Assessment Tool (Cybersecurity)


About the Cybersecurity Capability Assessment

The assessment will include three (3) Cybersecurity domains.

A digital capability self-assessment report for Cybersecurity will be available for download upon completion. The report will display an overall organisation-level capability proficiency level, broken down by the specific Cybersecurity domains, together with the completed questionnaire inputs and recommendations on how your organisation may bridge capability gaps (if any).

What do I need before I start?

You should preferably be a Chief Technology Officer (CTO) / Chief Information Technology Officer (CIO) or a Senior Management Executive with knowledge of your organisation’s business in the following areas:

  1. Technical Architecture and Environment
  2. Technologies Applied or Adopted
  3. Processes for Product / Service Design, Maintenance & Deployment
  4. Staff Competence, especially knowledge of your development team’s technical skill sets and certifications

*Please read and accept the Disclaimer

Time to complete: 15 - 20 mins

Section A - General Questions

Q1

Has your organisation developed any digitalisation plans / strategies and started on your digital transformation journey? (Digital transformation is defined as the plan of action designed to achieve an organisation's digital goal) (Select 1 option)

Q2

Indicate the technology area(s) that your organisation has implemented for any projects, and / or is currently implementing. (Select more than 1 option if applicable)


Q3

Indicate your organisation’s key nature of business (primary SSIC category). (Select 1 option)


Q4

Indicate your organisation's key customer segment. (Select more than 1 option if applicable)

Q5

Indicate the estimated range of your organisation’s annual revenue. (Select 1 option)

Q6

Indicate the estimated number of employees (including Full-time, Part-time and Contract employees) in your organisation. (Select 1 option)

Q7

Indicate the estimated size of the development team (e.g. Developer, Business Analyst, QA / QC, Tester, Deployment / Delivery Manager, etc.) in your organisation. (Select 1 option)

Q8

Does your organisation have designated cybersecurity personnel and/or a cyber-incident response team?

Q9

Indicate the cybersecurity framework / standard practised by your organisation. (Select 1 or more options)


Q10

My organisation sets aside a sum of funds for cybersecurity from the annual budget.

Q11

My organisation has a cybersecurity user education and awareness program.

Q12

My organisation faces the following challenges when ensuring our products / services are cyber-secure. (Select more than 1 option if applicable)

People

Process

Tools

In General


Section B - THREAT IDENTIFICATION

Q13

My organisation remains up-to-date with the cyber threat landscape via the following approach: (Select more than 1 option if applicable)


Q14

My organisation is able to accomplish one or more of the following by conducting cyber threat analysis: (Select more than 1 option if applicable)

Q15

My organisation conducts cyber risk assessments on: (Select 1 option)

Q16

My organisation follows a defined risk management framework (e.g. ISO 27001, NIST Cybersecurity Framework) for assessing, responding to, and monitoring cybersecurity risks for my products / services.


Q17

My employees have the following level of competency in conducting cybersecurity risk management. (Select 1 option)

Q18

My organisation conducts security testing (e.g. penetration testing, vulnerability assessment, etc.) on: (Select 1 option)

Q19

My organisation conducts the following security testing on our products / solutions / network: (Select more than 1 option if applicable)


Q20

My organisation’s security testing is mostly performed: (Select 1 option)

Q21

My organisation's in-house security testing team is certified (e.g., CPSA, CRT, OSCP, GPEN, etc.).

Q22

My organisation screens third-party suppliers (e.g. contract review, vendor risk assessments, etc.) prior to starting business with them.

Section C - CYBERSECURITY SAFEGUARDS

Q23

My organisation has the following areas covered within my cybersecurity policies and standards. (Select more than 1 option if applicable)


Q24

My organisation’s cybersecurity policies and standards are aligned to industry standards (e.g. ISO 27001 or IEC 62443-4-1).

Q25

My organisation reviews and updates our cybersecurity policies and standards. (Select 1 option)

Q26

My organisation has adopted Data Protection by Design principles into the development lifecycle of our products / services. (Select more than 1 option if applicable)


Q27

My organisation has established or installed the following web server security measures to protect the delivery of our products / services to our customers. (Select more than 1 option if applicable)


Q28

My organisation has established or installed the following network security measures to protect the usability and integrity of the IT network and data used for the delivery of our products / services. (Select more than 1 option if applicable)


Q29

My organisation practises the following design principles to ensure application security is established during my products / services development. (Select more than 1 option if applicable)


Q30

My organisation conducts patch updates ____________ as part of the application security updates for my products / services. (Select 1 option)

Q31

My organisation practises security monitoring of my product / service through _____________________. (Select 1 option)

Section D - BUSINESS RESTORATION

Q32

My organisation is capable of restoring business operations from disruptions (e.g. data breaches, natural disaster, cybersecurity attack) with the following elements established. (Select more than 1 option if applicable)

Q33

My organisation uses formalised standards as part of the development of my business restoration practices (e.g. NIST Cybersecurity Framework, ISO 27001).


Your Organisation's Cybersecurity Readiness Score

Proficiency levels:

  1. Basic
  2. Developing
  3. Proficient
  4. Leading