Section 13.115 Performing an Internal Assessment Flashcards
Objective 5.5 Explain types and purposes of audits and assessments
Internal Assessment
■ Proactive evaluation of an organisation's security posture
■ Helps to identify and address potential risks and vulnerabilities in information systems
Sample Checklist
■ The specific checklists and procedures for an internal assessment may vary based on the following
● Organization’s governance
● Risk
● Compliance practices
EXAMPLE
Minnesota Counties Intergovernmental Trust (MCIT)
MCIT Cybersecurity Self-Assessment
● MCIT’s Cybersecurity Self-Assessment checklist is designed to help organisations minimise data and cybersecurity-related exposures
● It assists in identifying areas where data security may need strengthening
● The checklist comprises yes-or-no questions with sections for comments and action items
● Action items are assigned to specific individuals or groups responsible for implementing corrective actions
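The format described above (yes/no questions, a comment field, and an action item with a named owner for every "no") is simple enough to track in code. The following is an added example, not MCIT's checklist or any tooling of theirs; the questions, section names, owners and answers are constructed for illustration only. It shows how each "no" becomes an owned action item, how unanswered questions are surfaced as gaps rather than silently counted as passes, and how a per-section coverage figure gives the quick posture overview such a checklist is meant to provide.

```python
"""Added example: minimal self-assessment checklist tracker.

Not MCIT's checklist or tooling. Question ids, wording, sections, owners
and answers below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Question:
    id: str
    text: str
    section: str
    default_owner: str  # hypothetical: who picks up remediation if answered "no"


@dataclass
class Answer:
    question_id: str
    answer: bool                 # True = yes, False = no
    comment: str = ""            # free-text comment column
    owner: Optional[str] = None  # optional override of the question's default owner


@dataclass
class ActionItem:
    question_id: str
    description: str
    owner: str
    comment: str


# Constructed sample checklist (illustrative, not the MCIT question set)
CHECKLIST = [
    Question("ACC-1", "Is multi-factor authentication required for remote access?", "Access Control", "IT staff"),
    Question("ACC-2", "Are administrator accounts separate from daily-use accounts?", "Access Control", "IT staff"),
    Question("BKP-1", "Are backups tested by restoring data at least quarterly?", "Backup and Recovery", "IT staff"),
    Question("GOV-1", "Has leadership approved a written information security policy?", "Governance", "Administration"),
    Question("TRN-1", "Do all staff complete security awareness training annually?", "Training", "Administration"),
]

# Constructed sample answers; TRN-1 is deliberately left unanswered
SAMPLE_ANSWERS = [
    Answer("ACC-1", True, "Enforced at the VPN gateway"),
    Answer("ACC-2", False, "Admins still use a single account", owner="Cybersecurity team"),
    Answer("BKP-1", False, "Last restore test was two years ago"),
    Answer("GOV-1", True),
]


def build_action_items(checklist, answers):
    """Every 'no' answer becomes an action item assigned to a named owner."""
    by_id = {q.id: q for q in checklist}
    items = []
    for a in answers:
        if a.question_id not in by_id:
            raise KeyError(f"unknown question id {a.question_id}")
        if a.answer:
            continue  # 'yes' needs no corrective action
        q = by_id[a.question_id]
        items.append(ActionItem(q.id, f"Remediate: {q.text}", a.owner or q.default_owner, a.comment))
    return items


def unanswered(checklist, answers):
    """Question ids with no recorded answer; these are gaps, not passes."""
    answered = {a.question_id for a in answers}
    return [q.id for q in checklist if q.id not in answered]


def coverage_by_section(checklist, answers):
    """Fraction of questions answered 'yes' per section; unanswered counts as 0."""
    by_id = {a.question_id: a for a in answers}
    totals, yes = {}, {}
    for q in checklist:
        totals[q.section] = totals.get(q.section, 0) + 1
        a = by_id.get(q.id)
        if a is not None and a.answer:
            yes[q.section] = yes.get(q.section, 0) + 1
    return {s: yes.get(s, 0) / totals[s] for s in totals}


def items_by_owner(items):
    """Group open action item ids by the person or team responsible."""
    out = {}
    for it in items:
        out.setdefault(it.owner, []).append(it.question_id)
    return out


if __name__ == "__main__":
    items = build_action_items(CHECKLIST, SAMPLE_ANSWERS)
    for owner, ids in items_by_owner(items).items():
        print(f"{owner}: {', '.join(ids)}")
    print("unanswered:", unanswered(CHECKLIST, SAMPLE_ANSWERS))
    for section, frac in coverage_by_section(CHECKLIST, SAMPLE_ANSWERS).items():
        print(f"{section}: {frac:.0%}")
```

Treating an unanswered question as a gap rather than a pass is the detail worth keeping when adapting this to a real checklist: a self-assessment that quietly skips questions overstates the organisation's posture.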
Collaborative Approach
■ To maximize the checklist's effectiveness, involve a diverse group of participants from across the organisation
● Administration team
● Information technology staff
● Cybersecurity professionals
Overview of the Checklist
■ The checklist is broad and aims to provide a quick overview of the organisation's current risk posture
■ Organisations may use different checklists or variations with distinct questions
■ The general format and purpose of self-assessments are consistent across most organisations