Epitechnic Ransomware Defence Maturity Score

1

As part of our commitment to helping our clients bolster their cybersecurity posture against ransomware threats, we've developed a comprehensive questionnaire based on the AWS Blueprint for Ransomware Defence and the NIST CSF 2.0 framework. This questionnaire is designed to assess your current environment and practices in line with the latest cybersecurity standards and AWS recommendations. We invite you to answer the questions, selecting the option that most closely reflects the current state of your cloud environment. Your insights will be used to identify areas where you excel and pinpoint opportunities for further enhancement to ensure that your defences remain robust and effective against ransomware.
2
How does your organisation manage inventory and classification of AWS resources for enhanced visibility and security governance?* This field is required.
We do not have a clear process for inventory management or classification of AWS resources.
We manually document AWS resources in spreadsheets without regular updates or classification based on sensitivity.
We primarily rely on tagging AWS resources for classification, but without a standardized or consistent approach across the organisation.
We utilize third-party tools exclusively for inventory management, without integrating AWS native services.
We use AWS Config and AWS Systems Manager Inventory to dynamically manage and classify resources based on criticality and sensitivity.
3
How does your organisation ensure secure configurations for its AWS resources and workloads?* This field is required.
We have not implemented a consistent strategy for securing configurations across our AWS resources.
We manually configure each AWS resource and periodically review configurations against AWS best practices without using any management services.
We utilize AWS Config to continuously monitor and evaluate our AWS resource configurations against desired settings, but do not automate response actions.
We rely on third-party tools exclusively for configuration management and do not leverage AWS-native services.
We use AWS Control Tower and AWS Config for setting up and governing a secure multi-account AWS environment including automated deployment of guardrails based on AWS best practices.
4
How does your organisation implement identity and access management (IAM) practices in AWS?* This field is required.
We have an ad-hoc approach to access management, primarily relying on root account sharing without utilizing IAM features for access control.
We manage access through manual creation of IAM users and groups in each AWS account without federating with an external IdP or using IAM Identity Center.
We utilize AWS IAM for creating users and roles but have not implemented best practices for least privilege access or integrated with IAM Identity Center for centralized management.
We leverage a third-party identity management solution without integrating it with AWS IAM Identity Center.
We use AWS IAM Identity Center for centralized workforce access management federating (if relevant) with existing identity providers such as Active Directory, Okta, PingOne, etc., and managing permissions across all AWS accounts.
5
How does your organisation approach vulnerability management for AWS resources?* This field is required.
Our vulnerability management process is ad-hoc, with limited use of automated tools and no formal integration between AWS services and our security operations.
We conduct vulnerability assessments manually on a periodic basis without leveraging AWS-specific tools or services for continuous monitoring or automated remediation.
We use Amazon Inspector for continuous vulnerability scanning of our EC2 instances, AWS Lambda functions, and container images, but we do not integrate findings with other AWS security services.
We rely exclusively on third-party vulnerability management tools without integrating them with AWS services.
We utilize AWS Security Hub for a comprehensive view across AWS environments enabling centralized investigation and remediation of security findings.
6
How does your organisation prepare for data recovery and manage incident response in AWS?* This field is required.
We rely on manual backups and have no formal incident response plan in place, leading to potential delays in recovery and response.
We use AWS Backup for automated data protection across AWS services but have not yet implemented regular recovery exercises or a formal incident response plan.
We use Elastic Disaster Recovery for resilience against incidents, including regular testing of our incident response mechanisms.
We utilize third-party backup and disaster recovery solutions without integrating them with AWS-specific services such as AWS Backup or AWS Elastic Disaster Recovery.
We regularly perform recovery exercises using AWS Backup and AWS Elastic Disaster Recovery to ensure fast and reliable recovery of applications, along with testing our incident response plan.
7
How does your organisation implement malware defence strategies in your AWS environment?* This field is required.
We manually scan our EC2 instances and container workloads for malware on an irregular basis and do not use DNS traffic filtering.
We rely solely on network-level defences without specific malware detection and protection mechanisms for our AWS resources, lacking integration with AWS-native malware defence services.
We have an automated response plan that integrates Amazon GuardDuty Malware Protection findings with AWS Lambda for automated threat mitigation but do not use DNS-level protections.
We use third-party malware protection solutions without integrating Amazon GuardDuty Malware Protection or DNS-level protection services like Amazon Route 53 Resolver DNS Firewall.
We leverage Amazon GuardDuty Malware Protection for automated, agentless scans of Amazon EBS volumes attached to EC2 instances or container workloads when suspicious behaviour is detected, alongside Amazon Route 53 Resolver DNS Firewall for filtering and regulating outbound DNS traffic.
8
How does your organisation implement security awareness and skills training to address cybersecurity risks?* This field is required.
We have not implemented a formal security awareness or skills training program and rely solely on external resources when necessary.
We provide ad-hoc security training only when new threats are identified, without a structured program or use of specific AWS training resources.
Our security training is integrated into the onboarding process for new hires, but we do not offer ongoing training or use AWS-specific training resources.
We conduct annual security awareness training for all employees, leveraging AWS Skill Builder and AWS Workshops to enhance understanding of AWS services and security best practices.
We utilize a combination of AWS Skill Builder, AWS Workshops, and the AWS Well-Architected Tool for comprehensive, continuous security training and architectural best practices education.
9
What strategy does your organisation employ for log management and analysis to support data recovery and incident response in AWS?* This field is required.
Our approach to log management is ad-hoc, with inconsistent practices across different AWS services and no formal incident response strategy that utilizes log data for recovery or analysis.
We manually monitor and analyse logs using local scripts and tools without centralized log management or retention policies, leading to potential gaps in log coverage and analysis capabilities.
We implement centralized log management using AWS services like Amazon CloudWatch, AWS CloudTrail, and Amazon S3, with lifecycle policies to manage log retention and costs effectively. We also utilize AWS Security Hub for a comprehensive security overview.
We rely solely on third-party tools for log management and analysis, without integrating these tools with AWS-native logging services, potentially missing out on AWS-specific insights.
We employ an advanced log management strategy that includes AWS CloudTrail Lake and Amazon Security Lake for immutable log storage and advanced query capabilities, supporting comprehensive incident response and data recovery efforts.
10
What email address would you like us to send your report to?* This field is required.
example@example.com
11
What is your company name?* This field is required.
12
Would you like to receive occasional emails with useful tips and tools?* This field is required.You can opt out at any time.
Opt in
Opt out
Should be Empty: