Tier 1 – Critical (3 points)
- MFA enabled for all key systems [3]
- Access policies (least privilege) [3]
- Regular patch updates [3]
- Data backups + restore testing [3]
- Email/web threat protection [3]

Tier 2 – Strong controls (2 points)
- Managed devices [2]
- Central logging & alerting [2]
- Network segmentation [2]
- Security awareness training [2]
- Conditional access/device-based access [2]

Tier 3 – Helpful but lower priority (1 point)
- Incident response plan [1]
- Data classification & retention [1]
- Third-party/supplier risk checks [1]
- Password manager + unique passwords [1]
- Physical security [1]
