Free Data Security Audit from Kroll - Kroll's Fraud Solutions

Why is this page text-only? Skip to Content

Security Audit

Home
Understanding ID Theft
Self-Assessment
Complimentary Kroll Security Audit

Complimentary Kroll Security Audit

Complimentary Security Audit for Your Organization

The first step for any organization to improve its security is to understand the effectiveness of measures currently in place. The problem lies in determining the right questions to ask and understanding where the different types and zones of security overlap or leave gaps.

Kroll Fraud Solutions Security Audit comprises almost 70 questions with multiple choice answers that cover administrative, technological and physical security procedures.

The security audit can be completed online and provides a downloadable analysis upon completion that includes:

A qualitative analysis of how well an organization is protecting itself from a security breach and
Categorical 'scores' for administrative, technical and physical controls for defining a resource allocation plan

To gain access to the complete Kroll Fraud Solutions Security Audit online, please contact Kroll.

Test the Test

This abbreviated version consists of 12 questions, excerpted from the administrative, technical and physical segments of the full self-assessment. Once you've completed these 12 questions, fill-in the form below and submit your assessment. Members of the Kroll Fraud Solutions team will analyze your responses and provide recommendations based on the findings.

1. Have Information Classification Guidelines been documented?

Information Classification Guidelines have been documented and are in practice.

Information Classification Guidelines have been documented however the information within is outdated or inconsistently practiced.

Information Classification Guidelines exist but are not consistently practiced.

Information Classification Guidelines do not exist.

2. Are there Information Labeling and Handling Procedures?

Procedures for information labeling and handling are documented and kept current.

Procedures for information labeling and handling are documented but are not kept current.

Procedures for information labeling and handling are either not fully documented or are assumed.

Procedures for information labeling and handling do not exist.

3. Is there a Clear Desk and Clear Screen Policy?

A Clear Desk and Clear Screen Policy is well-documented, and is reviewed and updated on a regular basis.

A Clear Desk and Clear Screen Policy has been fully documented, but has not been reviewed or updated on a regular basis.

A Clear Desk and Clear Screen Policy exists, however it is either outdated or the information contained within is sub par.

A Clear Desk and Clear Screen Policy does not exist.

4. Are Third Party Contracts used and current?

All Third-Party contracts are used consistently, are current and contain all of the necessary elements.

Third-Party contracts are used on a consistent basis, are current and contain some of the elements.

Third-Party contracts are used, but are either missing several elements, not used consistently or many are not current.

Third-Party contracts are not used or contracts are not kept current.

TECH

5. Are USB data ports disabled for those employees that do not need them?

All USB ports have been disabled for those employees that do not need them.

Some USB ports have been disabled for those employees that do not need them, however there are still some ports enabled.

There has been detailed discussion regarding future plans to disable USB ports for those employees that do not need them.

All USB ports are enabled.

6. Is a Vulnerability Management program in place?

A thorough Vulnerability Management program is in place, with vulnerability scans being conducted on a regular basis.

Vulnerability scans are conducted on a regular basis, however a thorough vulnerability management program does not exist.

An official Vulnerability Management Program does not exist. Vulnerability scans are conducted sporadically, on an 'as needed' basis.

A vulnerability management program is not documented or practiced.

7. Are all system clocks synchronized?

All system clocks have been synchronized.

Several system clocks have been synchronized, not all.

Few system clocks have been synchronized.

System clocks are not synchronized.

8. Are there restrictions on connection times for high-risk
applications?

Restrictions on connection times to safeguard high-risk applications are in place, practiced on a scheduled basis, and follow an updated Access Control Policy.

Restrictions on connection times to safeguard high-risk applications are in place, and practiced on a scheduled basis, but the policy is outdated.

Restrictions on connection times to safeguard high-risk applications are in place, but not practiced on a regular basis, and there is no documented policy.

There are not restrictions on connection times in place to protect high-risk applications.

9. Are Non-repudiation services being used? i.e. Digital signatures, timestamps

Many non-repudiation services are being used on a consistent basis.

Some non-repudiation services are being used on a consistent basis.

Non-repudiation services are used sporadically.

Non-repudiation services are not being used.

PHYSICAL

10. Is cabling protected from interception or damage?

All cabling is protected from interception and damage.

Most cabling is protected from interception and damage.

Some cabling is protected from interception and damage.

No cabling is protected from interception and damage.

11. Is there separation of development, test and operational
facilities?

Development, test and operational areas/facilities are completely separated, with all roles being segregated.

Development, test and operational areas/facilities are partially separated, access is tightly controlled and roles for each area are segregated.

Development, test and operational all reside in the same area/facility, however most roles have been segregated.

Development, test and operational facilities all share the same computing environment. There is no segregation of roles.

12. Do Removal of Property Procedures exist?

Removal of Property Procedures have been documented, and are consistently practiced, reviewed and updated on a regular basis.

Removal of Property Procedures have been documented and practiced, but are not reviewed and updated on a regular basis.

Some Removal of Property Procedures are occasionally practiced, however they are not documented or consistent.

Removal of Property Procedures do not exist.

First Name
Last Name
Title
Company Name
Telephone
E-Mail Address
How did you hear about Kroll?
Comments / Request

Consumers, Click Here

Search:

IF YOU HAVE BEEN BREACHED

LEARN ABOUT KROLL'S COMPLIMENTARY SECURITY AUDIT

Leading organizations in diverse industries rely on Kroll's comprehensive, world-class services for every phase of breach prevention, response, and recovery.

learn more

Your Identity Is Your Business. Protecting It Is Ours.