11. Does your company measure, report and follow-up on information security related matters?
✘
We do not monitor, report or follow-up on the efficiency and adequacy of our implemented security measures. Our company has implemented tools and methods to monitor, report and follow-up the efficiency and adequacy of a selection of our implemented security measures.
company has implemented the necessary tools and methods to monitor, report and follow-up ✔ Our on the efficiency and adequacy of all our implemented security measures.
The following 5 questions are intended to provide you some basic information security checks for your company.
Yes Are audit trails and logs relating to the incidents maintained and proactive action taken in a way that the incident doesn’t reoccur? Does your company verify compliance with regulatory and legal requirements (for example: data privacy)? Has your company developed some own tools to assist the management in assessing the security posture and enabling the company to accelerate its ability to mitigate potential risks? Does an information security roadmap including goals, progress evaluation and potential collaborative opportunities exist in your company? Are monitoring reports and incidents reported to authorities and other interest groups such as a sector federation?
Link to relevant principle
46
| BELGIAN CYBER SECURITY GUIDE
Potential actions to improve your response
No