Organisation Information

If included, you will receive a customised analysis for your organisation.  The results will be kept confidential.  If you are hesitant to fill in the details, either remain anonymous or contact me on amz@yahoo.com.

Company Name (optional) 

E-Mail address (optional)

Country (optional) United States Afghanistan Albania Algeria American Samoa Angola Anguilla Antartica Antigua Argentina Armenia Aruba Ascension Island Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia-Herzegovina Botswana Brazil British Virgin Islands Brunei Bulgaria Barkinoa Faso Burundi Camaroon Cambodia Canada Cape Verde Islands Cayman Islands Central African Rep. Chad Republic Chile China Colombia Comoros Congo Cook Islands Costa Rica Croatia Cyprus Czech Republic Denmark Diego Garcia Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Eqitorial Guinea Eritrea Estonia Ethiopia Faeroe Islands Falkland Islands Fiji Islands Finland French Guiana French Polynesia France French Antilles Gabon Gambia Georgia Germany Ghana Gibralter Greece Greenland Grenada Guadeloupe Guam Guantanemo Bay Guatemala Guinea Guinea Bissau Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isreal Italy Ivory Coast Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea (South) Korea (North) Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Lithuania Luxembourg Macao Macedonia Madagascar Malawi Malaysia Maldives Mali Republic Malta Marshall Islands Mauritania Mauritius Mexico Micronesia Moldiva (CIS) Mongolia Montserrat Morocco Mozambique Namibia Nauru Nepal Netherland Antilles Netherlands Nevis New Calidonia New Zealand Nicaragua Niger Nigeria Niue Island Norfork Island Norway Oman Pakistan Palau Panama Papua New Guinia Paraguay Peru Philipines Poland Portugal Qatar Reunion Island Romania Russia Rwanda Saipan Sao Tome Saudi Arabia Senegal Republic Seychelles Island Sierrra Leone Singapore Slovenia Soloman Island Somalia South Africa Spain Sri Lanka St Helen St Kitts St Lucia St Pierre St Vincent Sudan Suriname Swaziland Sweden Switzerland Syria Taiwan Tanzania Thailand Togo Tonga Trinidad & Tobago Tunisia Turkey Turks/Caicos Tuvalu Uganda Ukraine United Arab Emirates United Kingdom Canada Uruguay Vanuatu Venezuela Viet Nam Wallis / Futuna West Samoa Yemen Republic Yugoslavia Zaire Zambia Zimbabwe

IT Assets

These values are a rough estimate of the perceived value of the organisational intangible IT assets.  You may want to consult your Financial Controller if you are not sure.

Total Value of IT Assets ($)

Include the perceived value of the IT Assets, even those that are not part of the assets that are at risk. Confused about this term: READ MORE HERE!

Total Value of IT Assets at Stake (% of Total Assets)

The percentage of the assets at risk.  If your on-line portion is a small percentage of the total IT infrastructure, put a small percentage.  Refer to the organisational model if you are confused.

Confidentiality and Integrity Loss (% of Assets at Stake)

The percentage of Assets at Stake that would be lost in one attack. E.g. if data is stolen or the integrity of data is compromised.

Vulnerabilities

These values are a rough estimate of the perceived vulnerabilities of your IT assets.

Probability that there is a Vulnerability in your Information Assets (0-1)

If you have no clue of this figure, which will be the result of research on your particular system, leave the default.

Cost to Fix Vulnerabilities (Patches, Updates, Upgrades -$ per month)

This is the total cost per month that you will be charged by the IT people and suppliers to fix vulnerabilities in your IT systems.

Cost to Breach Vulnerabilities (one-time - $)

This is the amount that a hacker would have to spend to actually exploit a vulnerability of your system. If you are unsure about this figure, leave the default value.

Defence Mechanisms

Include the total cost of any defence mechanisms such as antivirus systems, firewalls, intrusion detection systems.

Cost to Build (One time - $)

The total cost including hardware and software of the infrastructure that currently defends your organisation's IT assets.

Cost to Maintain (Annual - $)

Include the maintenance costs that you pay or plan to pay on the defence mechanisms.  Include the wages paid to your IT Security personnel if you think these are relevant.

Attacks

These values are a rough estimate of the perceived threats of your IT assets.

Cost to Break (One-time - $)

Include the cost that an attacker will have to incur to break into your defence mechanisms.  If unsure you are kindly asked to keep this field as default.

Probability that there is a Threat to your System in One Month (0-1)

Depending on the attractiveness of your site, and your firewall and IDS logs you may have a gut feeling on the probability that your site will be attacked.

Disaster and Recovery

Loss of Revenue if IT Assets are compromised ($ per hour of downtime)

If you are working on an e-commerce site, this may be related to the average number of sales per hour that you have transacted on this website.  If you do not use the web-site to conduct e-commerce, then you might want to put zero.

Cost to Rebuild Lost IT Assets (Total Man-hour rate -$/h)

This is the total cost per hour that you will be charged by the IT people to restore from backups the information lost or to fix the damage done to the IT assets.

Total Expected Down Time (Annual - h)

This will be dictated by the Service Level Agreement (SLA) that you have with the organisation in question.  If unsure, enter the maximum tolerable downtime period that you expect.  For a 99% availability, this will be 87.6 hours.

IT Budget

These figures relate to what you or your financial controller has budgeted for IT this year.

Value of IT budget (Annual - $)

The total annual IT budget for the current year.

Value of IT security budget (Annual - $)

The IT security budget including any maintenance costs or any licences that you will pay in the coming year (including any fees that are provisional should an attack be successful on your site).

Review and then Submit the results!

The first 5 people who submit the results of the questionnaire will receive a 1GB google gmail account.

STEP 4 - Submit Results

If you want to submit general feedback on this questionnaire, please do so below before submitting the results.

 

After you submit the results, you will receive a thorough report and detailed analysis of your security expenditure including recommendations for subsequent years.