Home
Building new tests - Must be DRAFT!

Meet our amazing GDPR compliance team

Let UNITAS handle your GDPR year wheel so you don't have to worry about rules and compliance. We ensure that your company is always up-to-date and in safe hands when it comes to GDPR

Meet the team here

Q&A - Prepare your leadership for real cyber crisis management

Notify

1. Do we know what data and information supports our business-critical activities?

Yes, we have a complete overview of all critical data and information.

Radio Field

Implement a comprehensive data overview and classification system to identify and categorize critical data and information based on the results of a prior Business Impact Analysis.

2. Do we know what data and information supports our business-critical activities?

In part, we have a good understanding, but there are still some gaps.

Radio Field

Perform regular checks to ensure that all critical data and information is properly identified and protected, and that Business Impact Analyses are up to date.

3. Do we know what data and information supports our business-critical activities?

No, we don't have a clear understanding of which data is critical

Radio Field

Identify relevant suppliers of systems and services that support data and information in business-critical activities.

2. What are the consequences for the business if data and information that supports our business-critical activities are unavailable, altered or leaked?

4. Major consequences, it will significantly affect our operations.

Major consequences, it will significantly affect our operations.

Radio Field

Conduct a business impact assessment to understand the potential business impacts of losing critical data

5. Moderate consequences, it will create some challenges, but we can handle it.

Moderate consequences, it will create some challenges, but we can handle it.

Radio Field

Implement a robust backup and recovery plan to minimize downtime and data loss.

6. Minor consequences, it will have minimal impact on our operations.

Minor consequences, it will have minimal impact on our operations.

Radio Field

Conduct a business impact assessment to understand the potential business impacts of losing critical data

3. Are we confident that our information is adequately protected against known threats?

7. Yes, we are fully confident in our protective measures.

Yes, we are fully confident in our protective measures.

Radio Field

Implement technical security measures such as firewalls, antivirus programs, and intrusion detection systems (IDS).

8. Partially, we have some concerns, but overall we feel safe.

Partly, we have some concerns, but overall we feel safe.

Radio Field

Perform regular vulnerability scans and security assessments to identify and remediate vulnerabilities.

9. No, we are not convinced that our information is adequately protected.

No, we are not convinced that our information is sufficiently protected.

Radio Field

Train employees in information security best practices and update them on emerging threats.

4. Have we in top management defined objectives, strategies or policies in the cyber and information security area that we actively prioritize and support?

10. Yes, we have clear objectives and strategies that we actively support.

Yes, we have clear objectives and strategies that we actively support.

Radio Field

Develop and implement a comprehensive information security strategy approved by senior management.

11. Partially, we have some objectives and strategies, but they are not always prioritized.

In part, we have some objectives and strategies, but they are not always prioritized.

Radio Field

Establish clear information security policies and procedures and ensure they are communicated to all employees.

12. No, we have not defined clear objectives or strategies in this area.

No, we have not defined clear objectives or strategies in this area.

Radio Field

Conduct regular meetings with senior management to evaluate the impact and update security strategies and policies.

5. Do we have a safety organization that is anchored in top management?

13. Yes, our safety organization is strongly anchored in top management.

Yes, our safety organization is strongly anchored in top management.

Radio Field

Establish a dedicated security organization with direct reporting to senior management.

14. Partially, our security organization has some support from top management.

In part, our security organization has some support from top management.

Radio Field

Appoint a Chief Information Security Officer (CISO) with responsibility for monitoring and improving information security.

15. No, our safety organization is not anchored in top management.

No, our security organization is not anchored in top management.

Radio Field

Ensure that the security organization has adequate resources and support from top management.

6. Do we receive ongoing reporting on the status of strategies and objectives within the cyber and information security area?

16. Yes, we receive regular status reports.

Yes, we receive regular status reports.

Radio Field

Implement a reporting system that provides regular updates on the status of security strategies and objectives.

17. Partially, we receive reports, but not regularly.

Partially, we receive reports, but not regularly.

Radio Field

Conduct quarterly safety meetings with senior management to review reports and discuss any necessary changes.

18. No, we do not receive ongoing status reporting.

No, we do not receive ongoing status reporting.

Radio Field

Ensure that reports are easy to understand and accessible to all relevant stakeholders.

7. Has top management taken a position on the authority's or company's risk appetite?

19. Yes, senior management has clearly defined our risk appetite.

Yes, senior management has clearly defined our risk appetite.

Radio Field

Develop a risk management policy that clearly defines the company's risk appetite.

20. Partially, senior management has a general understanding of our risk appetite.

In part, senior management has a general understanding of our risk appetite.

Radio Field

Conduct workshops and training sessions with senior management to ensure a shared understanding of risk appetite.

21. No, senior management has not taken a position on our risk appetite.

No, top management has not taken a position on our risk appetite.

Radio Field

Update risk appetite regularly based on changes in the threat landscape and business objectives.

8. Have we made it clear that top management itself is an obvious target for cyberattacks (for example, CEO fraud and spear-phishing)?

22. Yes, we are fully aware of this risk.

Yes, we are fully aware of this risk.

Radio Field

Conduct regular training sessions and simulations for senior management to increase awareness of cyber threats.

23. Partially, we are aware of the risk but have not taken sufficient precautions.

In part, we are aware of the risk but have not taken sufficient precautions.

Radio Field

Implement technical security measures like two-factor authentication and email filtering to protect senior management.

24. No, we have not considered this risk

No, we have not considered this risk.

Radio Field

Develop a contingency plan specifically to handle attacks targeting senior management.

Meet our amazing GDPR compliance team

1. Do we know what data and information supports our business-critical activities?

2. What are the consequences for the business if data and information that supports our business-critical activities are unavailable, altered or leaked?

3. Are we confident that our information is adequately protected against known threats?

4. Have we in top management defined objectives, strategies or policies in the cyber and information security area that we actively prioritize and support?

5. Do we have a safety organization that is anchored in top management?

6. Do we receive ongoing reporting on the status of strategies and objectives within the cyber and information security area?

7. Has top management taken a position on the authority's or company's risk appetite?

8. Have we made it clear that top management itself is an obvious target for cyberattacks (for example, CEO fraud and spear-phishing)?

We throw ourselves around with knowledge...

Contact Unitas – your partner in security and compliance