
Scoping & Informational Questionnaire

Date:

Company Name:

Company Main Location:

Compliance Focus:

Testing Deadline:

Assessment/Report Deadline:

Number of Employees:

Number of Endpoints (Workstations / Laptops / Desktops):

Number of Employee Email Addresses (for phishing, excluding Distribution List Addresses such as sales@domain.org):

Number of Domains (for phishing):

Number of Location(s):

Number of In-House Applications & Lines of Code:

For Web App assessment:
• Number of Pages in Apps to be Scanned:
• Does the application(s) require a username/password to access it?

Number and names of SaaS applications:

Is there data encryption in place in flight and/or at rest? If yes, describe.

Do you have a BCP/DR Plan in place? When was it last tabletopped/workshopped? If yes, describe.

Do you have IoT devices in place and connected to your network? If yes, describe.

Do you have in-house or outsourced NOC/SOC services? If yes, describe.

Number of servers: How many of each of these do you have in total?
• Database Servers:
• Physical Servers (on premises in offices):
• Number of VMs (Virtual Machines, could be hosted on any server):
• Virtual Servers (e.g. hosted in AWS, Azure, or VMware):
• Cloud Applications (e.g. Gmail, Slack, Dropbox):
• Web Host Domains and Provider:

Network Security Devices and Systems (please list brand/manufacturer and describe):
• Firewalls make/model:
• IPS/IDS:
• Network Router:
• AV Endpoint:
• Authentication/MFA:
• SSO:
• DNS:
• Web content filter:
• Email filter/spam detection:
• Other security systems/products:
• External IP Ranges (list ranges if known):
• Internal VLANs/Subnets (list values if known):
• Network Diagram (attach if you have one, not required):
• Cloud VPC (Virtual Private Cloud, could be hosted with AWS or Azure):

Do you handle any Personally Identifiable Information (PII), Personal Health Information (PHI), or Payment Card Information (PCI)? Please list which:

Do you have any security or privacy policies in place? If so, which?

Do you have customers or contractors in the EU, California, New York, or elsewhere globally?

Any breaches, small or large, over the past 12 months? If yes, describe.

CONFIDENTIAL
