“How many of the Fortune 500 are hacked right now?” F-Secure Chief Research Officer Mikko Hypponen asked the crowd at this year’s Thinking Digital conference in Newcastle. “The answer — 500.”
Though every corporation is different, the threats they face are similar, in that they are vast, constantly evolving and reliant on the greatest vulnerability there is — human error, both in programming and employee’s security practices. That’s why the challenges implicit in securing a large organization are difficult to quantify in statistics, glaring failures or even comprehensive case studies.
So as part of a constant effort to give those charged with protecting their networks a clear picture of the challenges F-Secure Labs’ Cyber Gandalf — yes, that’s his actual job title — Andy Patel put together a Cyber Security Stress Test for anyone broadly aware of their organization’s security technologies, people, and processes.
It’s broken into sections based around the model the Labs uses to illuminate that cyber security is a process.
- Prevent: Can you minimize your attack surface and prevent incidents?
- Detect: Can you recognize incidents and threats to isolate and contain them?
- Respond: Can you react to breaches, mitigate the damage and analyse what went wrong?
- Predict: Can you understand your risk, know your attack surface and uncover weak spots?
Andy told us his goal was to create a test that was comprehensive yet moved quickly enough that it didn’t feel too long.
You can take it now. If you if you do, Andy would really appreciate your feedback — especially if you are a sysadmin, a chief security officer, or an executive in charge of securing your company’s digital assets .
“Coming up with questions wasn’t easy. It took quite a bit of research and asking around,” Andy explains. “Once I had the questions, I found they were difficult to answer with simple yes/no/don’t know answers. So I changed the answer scheme to allow for a range of possibilities.”
Each section gives you a score that rates your ability to handle one aspect of the cyber security process and it compares it to your expectation of your ability, which is measured by a question at the beginning of each section.
Each section has a tip on how to improve your score. And the final score ties together all of your responses with a scoring scheme that Andy calls “complex and mathy.”
Now, we’re wondering if you have any tips for Andy to make the quiz even better.
Here are a few questions he has for you:
- Are the results useful?
- Are they presented in a readable way?
- Do the demographic comparisons provide any insight?
- Would you consider following up on the test by entering your email address to get the report and related articles?
- Did we miss out on any potentially important areas?