  • Home
  • Our services
    • Human
    • Tools
    • Process
  • About us
  • Contact
    • FIC 2023
  • White paper

H.O.P. GAP

Step 1 of 15 - Information

HOP-001 What is the total headcount of your company?

HOP-002 Do you manage your IT infrastructure internally?

HOP-003 Do you have someone at your company dedicated to security (CISO)?

HOP-004 Do you carry out awareness security campaigns to make your users aware of the various IT risks?

Your users must follow awareness campaigns covering the many IT risks, and they must be trained regularly on new risks as they appear.

HOP-004.b How often are these campaigns done?

Indicate the frequency of campaigns.

HOP-005 Do your employees receive security awareness training on their first day?

New users must complete IT security training on their first day.

HOP-006 Do you have a centralized inventory of your hardware assets in place?

Maintain a centralized and regularly updated inventory of all physical assets containing information. This inventory must contain all the elements necessary to identify the assets and their owners.

HOP-007 Do you control the devices you provide to your employees?

When you provide devices to your employees, you need to manage them (configuration, updates, remote lock and wipe) to avoid data leaks and other incidents.

HOP-008 Do you encrypt your company’s systems?

All of your company’s systems containing data must be encrypted at rest, so that theft or loss of a device does not expose the data it holds.

HOP-009 Can your employees access data from your company on their personal devices?

Control and manage all devices that connect to your network and have access to data.

HOP-010 Do you use an Asset Discovery Tool within your company?

Use an Asset Discovery tool on your network to identify connected devices and automatically update the inventory of hardware assets.

HOP-011 Do you have a centralized inventory of your software assets?

Maintain a centralized and regularly updated inventory of your software assets. This inventory gives a global view of the software used within the company and makes it easier to manage.

HOP-012 Do you use a tool that tracks the software installed on company-provided devices?

Use a tool that tracks the software installed and used in your company, so that you have an exhaustive list of the software in use.

HOP-013 Are you blocking the installation of applications on company provided devices?

Employees must not have the right to install software; only administrators should have that right.

HOP-014 How do you update the software installed on workstations?

Update your workstation software automatically and regularly.

HOP-014.b How often do you install updates?

Indicate the frequency of updates.

HOP-015 Do you use a secure configuration for hardware and software?

Maintain standard secure configuration documentation for all systems and software used.

HOP-016 Do you securely store your Master Images?

Company images and templates must be kept on a secure server to prevent unauthorized modification or copying.

HOP-017 Do you deploy System Configuration Management tools?

Deploy a System Configuration Management tool that reapplies the expected configuration parameters at regular intervals, so that drift from the secure baseline is corrected automatically.

HOP-018 Do you protect your corporate email with an email protection solution?

Use an email solution that protects your corporate email by filtering emails and blocking malicious emails.

HOP-019 Do you encrypt the communication of emails and attachments sent from your network?

Encrypt emails and attachments sent from your network in transit, so that third parties cannot read them on the way.

HOP-020 Have you installed antivirus software on your company’s workstations and servers?

Use antivirus software on workstations and servers to prevent and block potential attacks.

HOP-020.b How is your antivirus solution managed?

HOP-021 Have you configured a firewall to protect your network boundaries?

A firewall is a network security device that controls the incoming and outgoing traffic at the boundary of your infrastructure. It authorizes or blocks traffic according to the rules you define.

HOP-022 Do you install the latest stable version of any security-related updates on all network devices?

Install the latest stable security updates on all devices connected to your network.

HOP-023 Have you implemented a monitoring tool in your network?

Use a network monitoring tool to detect security issues and slowdowns in your network and systems.

HOP-024 Do you segment your network based on sensitivity?

Segment your IT infrastructure into several sub-networks, for example VLANs (Virtual Local Area Networks), so that a compromise in one segment does not give direct access to the others; segmentation also improves network performance.

HOP-025 Have you deployed intrusion detection systems on your network?

Use an Intrusion Detection System (IDS) on your network to identify suspicious connections, and an Intrusion Prevention System (IPS) if you also want them blocked automatically.

HOP-026 In the case of telework, how do your users access your computer network?

Use a secure connection when making a remote connection to the company’s network, such as a Virtual Private Network (VPN).

HOP-027 Have you created a separate wireless network for personal and guest devices?

Create a separate network for personal connections and guest devices so as not to use the company’s local network.

HOP-028 Do you monitor unauthorized connections across trusted network boundaries?

Perform a regular scan from outside each boundary of your trusted network to detect unauthorized connections.

HOP-029 Have you implemented Access Control within your company?

Define access control in your company to secure and manage physical access to your buildings and logical access to your information systems.

HOP-030 Have you set up Conditional Access Control (blocking access from certain geolocations, outside certain hours, etc.)?

Set up conditional access to control the devices connecting to your network, restricting access by working hours, location, device state, etc.

HOP-031 Do you define Access Control based on "need to know" principle?

Define access control based on the "need to know" principle, under which a user of an information system accesses only the information necessary for their work.

HOP-032 Do your employees use Multi-Factor Authentication to connect to your IT assets?

Use Multi-Factor Authentication (MFA) when connecting remotely, accessing assets or infrastructure.

HOP-033 Do you maintain an inventory of administrative accounts?

Maintain an inventory of your network administrator accounts.

HOP-034 Do you ensure the use of dedicated administrative accounts?

Each administrator must have a personal, dedicated administrative account, separate from their everyday user account; built-in (native) administrator accounts must be used only in an emergency.

HOP-035 Do you disable unassociated accounts?

Deactivate accounts that are not associated with an identifiable person (or, for service accounts, an identifiable owner), for better traceability.

HOP-036 Do you review all access regularly?

Review your users' access rights on a regular basis to detect privilege creep, incorrectly assigned privileges and third-party access that is no longer needed.

HOP-036.b How often is the access review done?

Indicate the frequency of the review.
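The kind of check HOP-035 and HOP-036 describe (accounts with no associated person or owner, accounts that never or no longer log on, privileged accounts to reconcile with the administrative account inventory) can be scripted against a directory export. The following is an added example, not part of the questionnaire and not Rsecure's tooling; the account records, the HR roster, the service-account owners and the field names are constructed sample data.

```python
from datetime import date

# Constructed sample data (not from any real directory): an account export
# with last-logon dates, the HR roster of current staff, and the owners of
# known service accounts. The field names are an assumption of this example.
ACCOUNTS = [
    {"user": "a.martin",   "last_logon": "2023-05-30", "admin": False},
    {"user": "b.dupont",   "last_logon": "2023-01-10", "admin": True},
    {"user": "svc-backup", "last_logon": "2023-06-01", "admin": True},
    {"user": "test2019",   "last_logon": None,         "admin": False},
    {"user": "c.weber",    "last_logon": "2023-05-28", "admin": False},
]
HR_ROSTER = {"a.martin", "c.weber"}                  # b.dupont has left the company
SERVICE_OWNERS = {"svc-backup": "infrastructure team"}  # owned service accounts
REVIEW_DATE = date(2023, 6, 1)


def review_accounts(accounts, roster, service_owners, today, max_idle_days=90):
    """Return (user, reason) pairs that an access review should act on.

    Three checks: accounts with no associated person or owner (HOP-035),
    accounts that never logged on or have been idle longer than
    max_idle_days, and privileged accounts to reconcile with the
    administrative account inventory (HOP-033). A user can appear more
    than once, once per reason.
    """
    findings = []
    for acct in accounts:
        user = acct["user"]
        if user not in roster and user not in service_owners:
            findings.append((user, "no associated person or owner: disable"))
        if acct["last_logon"] is None:
            findings.append((user, "never logged on: disable"))
        else:
            idle = (today - date.fromisoformat(acct["last_logon"])).days
            if idle > max_idle_days:
                findings.append((user, f"inactive for {idle} days: disable"))
        if acct["admin"]:
            findings.append((user, "privileged: confirm it is in the administrative account inventory"))
    return findings


def users_to_disable(findings):
    """Distinct users with at least one finding that calls for disabling."""
    return sorted({user for user, reason in findings if reason.endswith(": disable")})


if __name__ == "__main__":
    for user, reason in review_accounts(ACCOUNTS, HR_ROSTER, SERVICE_OWNERS, REVIEW_DATE):
        print(f"{user:12} {reason}")
```

Run on the sample data, the review flags b.dupont (no longer on the roster, idle for 142 days, and privileged) and test2019 (no owner, never logged on) for disabling, and lists svc-backup as a privileged account to confirm against the administrative account inventory.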

HOP-037 Do you perform vulnerability scan within your network?

Scan your IT infrastructure for vulnerabilities in order to identify the ones present and then remediate them.

HOP-037.b How often are the scans done?

Indicate the scan frequency you are performing.

HOP-038 Do you perform a penetration test to verify the security of your network?

Set up a full penetration test of your infrastructure in order to discover the vulnerabilities in your network and remediate them through an action plan.

HOP-038.b How often are the penetration tests done?

Indicate the penetration test frequency you are performing.

HOP-039 Do you conduct a regular cybersecurity audit of your network?

The cybersecurity audit allows you to identify risks and potential vulnerabilities in your company’s security system.

HOP-039.b How often are the audits done?

Indicate the audit frequency you are performing.

HOP-040 Do you scan the open and closed ports of your network?

Scan open and closed ports in your network frequently to detect infiltration access points and identify devices running on the network.

HOP-041 How often are the scans done?

Indicate the scan frequency you are performing.
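HOP-010, HOP-028 and HOP-040 all come down to the same loop: probe the network, compare what answers against the authorized inventory, and treat every difference as a finding. The following is an added example, not part of the questionnaire and not Rsecure's tooling: a TCP connect scan plus an inventory diff. It assumes nothing but the Python standard library; the listener it scans is one it starts itself on 127.0.0.1, and the inventory it compares against is constructed.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Return the sorted list of TCP ports on `host` that accept a connection.

    A plain connect() scan needs no raw sockets or privileges; the price is
    that every probe is visible in the target's logs, which is acceptable
    when you are scanning your own assets.
    """
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:          # refused, timed out or unreachable
                return None
            return port

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def diff_against_inventory(observed, inventory):
    """Compare scan results with the authorized inventory.

    observed and inventory map host -> set of open TCP ports. Returns a list
    of (kind, host, ports) findings: hosts the inventory does not know,
    ports open that the inventory does not allow, and inventoried hosts
    that did not answer (decommissioned, or a blind spot in the scan).
    """
    findings = []
    for host, ports in observed.items():
        if host not in inventory:
            findings.append(("unknown-host", host, sorted(ports)))
            continue
        unexpected = set(ports) - inventory[host]
        if unexpected:
            findings.append(("unexpected-port", host, sorted(unexpected)))
    for host in inventory:
        if host not in observed:
            findings.append(("missing-host", host, []))
    return findings


def scan_local_demo():
    """Self-contained demonstration: start a listener on an ephemeral port of
    127.0.0.1 (a constructed fixture, not a real asset), scan it together
    with port 1 (tcpmux, almost never listening, so it is refused quickly),
    and diff the result against an inventory that allows no open port.
    Returns (listener_port, open_ports_found, findings)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    port = listener.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = listener.accept()
                conn.close()
            except OSError:          # listener closed: stop
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    try:
        open_ports = tcp_connect_scan("127.0.0.1", [1, port])
        observed = {"127.0.0.1": set(open_ports)}
        inventory = {"127.0.0.1": set()}   # the inventory says nothing should listen here
        return port, open_ports, diff_against_inventory(observed, inventory)
    finally:
        listener.close()


if __name__ == "__main__":
    port, open_ports, findings = scan_local_demo()
    print(f"listener on port {port}; open ports found: {open_ports}")
    for kind, host, ports in findings:
        print(f"{kind}: {host} {ports}")
```

For a real run, replace the demo host list with the address ranges of each trusted network boundary (scanning from outside the boundary, as HOP-028 asks) and load the inventory from the hardware asset register of HOP-006; an "unknown-host" finding is then a device that was connected without going through the inventory process.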

HOP-042 Do you have a data backup system in place?

Set up a backup system to restore your systems in the event of a cyber incident.

HOP-042.b Which systems are backed up?

HOP-042.c How often do these backups occur?

Set the frequency of your file backups.

HOP-047 Do you fully test your backup systems?

When you back up your systems, you must test restoring from those backups to verify that they are intact and can actually be restored when needed.

HOP-047.b How often do these tests occur?

HOP-048 Are the backups of your systems stored securely?

Ensure that at least one copy of your backups is always stored offline, in a destination that cannot be reached from your network, so that an attacker who compromises the network cannot destroy it.

HOP-049 Do you keep logs of all system events?

Keep your system logs and events so that you can understand how your infrastructure and its components behave, analyze and diagnose incidents, and respond accordingly.

HOP-050 Are the logs stored securely?

Securely store your log and event files.

HOP-051 Have you centralized log management?

It is recommended to centralize your logs and event files in a single interface in order to have a global view.

HOP-052 Do you develop applications?

If you develop applications within your company, answer the following questions.

HOP-053 Do you establish secure coding practices?

Develop applications using secure coding best practices to reduce vulnerabilities and better protect against attacks.

HOP-054 Do you only use up to date and trusted third-party components?

Use only trusted, updated third-party components when developing applications.

HOP-055 Do you only use standardized and extensively reviewed encryption algorithms?

Use only standardized encryption algorithms and avoid company-specific ones. A non-standard algorithm has not been publicly reviewed, and an attacker can often recover the key or the plaintext from the ciphertext alone.

HOP-056 Do you use a production system separate from the non-production system?

It is necessary to maintain distinct environments for production and non-production systems when developing. Developers should not have access to production environments without being monitored.

HOP-057 Do you use standard hardening configuration templates for databases?

When developing applications that rely on a database, deploy the database from a standard hardening configuration template rather than from vendor defaults.

HOP-058 Have you defined an IT charter defining what employees are entitled to do with IT assets?

Defining an IT charter makes it possible to set the rules for the use of the IT tools made available to employees, and to provide for sanctions in case of violation of these rules.

HOP-059 Have you defined an Information Security Management policy?

Define an Information Security Management Policy that explains how IT assets and resources should be used, managed and protected.

HOP-060 Have you defined an Asset Management policy?

Define an Asset Management policy that identifies roles and responsibilities for the assets.

HOP-061 Have you defined an Acceptable Use policy?

Define an Acceptable Use policy explaining the constraints and practices a user must accept to access an enterprise network.

HOP-062 Have you defined an Identity and Access Control policy?

Define an Identity and Access Control policy describing the types of electronic identities used for systems and applications, and how access is granted, reviewed and revoked.

HOP-063 Have you defined a password policy?

Define a password policy that includes a set of rules to increase password strength and thus improve the security of the IS.

HOP-064 Have you defined a cryptography policy?

Defining a cryptographic policy ensures the security of data in information and communication systems.

HOP-065 Have you defined a Physical Access Security policy?

Define a Physical Access Control policy explaining which areas or buildings your employees may access and under what restrictions.

HOP-066 Have you defined a Personnel Security policy?

Define a Personnel Security policy describing the personnel-related measures that protect your company’s network.

HOP-067 Have you defined a Secure Development policy?

Define a Secure Development policy describing the best practices to follow when developing applications securely, and thus avoid introducing security vulnerabilities.

HOP-068 Have you defined a Change Management policy?

Define a Change Management policy explaining the practices to be implemented to minimize the risk associated with the changes.

HOP-069 Have you defined a Patch Management policy?

Define a Patch Management policy explaining the steps and procedures to manage and mitigate vulnerabilities in your infrastructure through a documented patch process.

HOP-070 Have you defined a Business Continuity Plan?

Define a Business Continuity Plan (BCP) describing the processes to be implemented during an incident in the company and the recovery processes.

HOP-071 Have you defined an Information Backup policy?

Define an Information Backup policy describing the rules and procedures to follow when making backup copies.

HOP-072 Have you defined a Security Incident Response policy?

Define a Security Incident Response policy explaining the steps to be taken in the event of an incident.

HOP-073 Have you defined a Third-Party Security policy?

Define a Third-Party Security policy setting out the security requirements for the use of third-party products and services.

HOP-074 Have you defined a Homeworking policy?

Define a Homeworking policy that brings together the procedures governing work performed by your employees outside the usual workplace.

HOP-075 Have you defined a Data Loss Prevention policy?

Setting a Data Loss Prevention (DLP) policy helps protect your organization’s data.

HOP-076 Have your employees signed off on these policies?

All of your employees must be aware of your company’s policies, and must read and approve each of them.

HOP-077 Have you defined an Incident Response plan?

Establishing an Incident Response plan ensures that, in the event of a security breach, appropriate personnel and procedures are in place to effectively defend against the threat.

HOP-077.b How often do you test it?

Indicate the test frequency.

HOP-078 Have you defined an Information Classification?

Define a Classification of Information in which you assess the data you hold and the level of protection that must be granted to it.

HOP-079 Have you defined a Risk Assessment Process?

Define a Risk Assessment process to identify and prepare for potential risks and thereby reduce the consequences and ensure the security of information systems.

HOP-079.b How often do you review your Risk Register?

Indicate the frequency of review of the Risk Register.
Contact us

38-40, Parc d'Activités

L-8308 Capellen, Luxembourg

+352 31 71 32 1

contact@rsecure.lu

© 2023 Rsecure.