
CyberSecOp Scoping Questionnaire March2023

This document is a scoping and informational questionnaire for a company seeking a security assessment. It collects details about the company's network infrastructure, applications, data types, policies and any past breaches to help scope the assessment. Key details requested include the number of employees, endpoints, email addresses, domains, locations, applications, servers, security devices, network information, data types handled, privacy policies and any previous breaches.

Scoping & Informational Questionnaire

Date

Company Name:

Company Main Location:

Compliance Focus:

Testing Deadline:

Assessment/Report Deadline:

Number of Employees:

Number of Endpoints (Workstations / Laptop - Desktops):

Number of Employee Email Addresses (for phishing, excluding Distribution List Addresses such as sales@domain.org):

Number of Domains (for phishing):

Number of Location(s):

Number of In-House Applications & Lines of Code:

For Web App assessment:
• Number of Pages in Apps to be Scanned:
• Does the application(s) require a username and password to access it?

Number and names of SaaS applications?

Is there data encryption in place in flight and/or at rest? If yes, describe.

Do you have a BCP/DR Plan in place? Last table topped/work shopped? If yes, describe.

Do you have IoT devices in place and connected to your network? If yes, describe.

Do you have or outsource for NOC/SOC services? If yes, describe.

Number of servers: How many of each of these do you have total?
• Database Servers:
• Physical Servers (on premises in offices):
• Number of VMs (Virtual Machines, could be hosted on any server):
• Virtual Servers (e.g. hosted in AWS, Azure, or VMWare):
• Cloud Applications (e.g. Gmail, Slack, Dropbox):
• Web Host Domains and Provider:

Network Security Devices and Systems: Please list brand/manufacturer. Please describe.
• Firewalls make/model:
• IPS/IDS:
• Network Router:
• AV Endpoint
• Authentication/MFA
• SSO
• DNS
• Web content filter
• Email filter/spam detection
• Other security system/products:
• External IP Ranges (list ranges if known):
• Internal VLANs/Subnets (list values if known):
• Network Diagram (attach if you have one, not required)
• Cloud VPC (Virtual Private Cloud, could be hosted with AWS or Azure):

Do you handle any Personally Identifiable Information (PII), Personal Health Information (PHI), or Payment Card Information (PCI)? Please list which:

Do you have any security or privacy policies in place? If so, which?

Do you have customers or contractors in the EU, California, New York, or elsewhere globally?

Any breaches small or larger over the past 12 months? If yes, describe.

CONFIDENTIAL
