Category Banner

Trend Micro will assess your security posture with just 25 simple questions

Basic information and questions/Assessment result

Cyber security

To start, please indicate your industry, company size, and job title in the menu at the right. This allows us to provide a comparison to all respondents, and allows you to compare your current security posture with the averages of your peers.

Answer the 25 questions below then click Start Assessment to submit your answers for instant analysis.

Job title
Size(number of employees)
Bussiness Number


[Question 1] Minimum access rights are enforced, giving only limited groups/users access to important information.
[Question 2] Public-facing network and production networks are clearly segmented.
[Question 3] Security software installed on client/server systems is always kept up-to-date.
[Question 4] Critical information cannot be copied or saved onto endpoints.
[Question 5] Our firewall is filtering out all ports and protocols that are not used by business applications.
[Question 6] We educate and warn users on targeted attacks such as APTs.
[Question 7] Security updates are applied to client/server operating systems immediately after availability. Otherwise, IPS, available as part of a security portfolio, is used as an alternative.
[Question 8] Security updates are applied to applications on client/server systems immediately after availability. Otherwise, IPS, available as part of a security portfolio, is used as an alternative.
[Question 9] A proxy server is used for users’ Internet access on our corporate network.
[Question 10] Exchanging executables via email and removable media is prohibited.
[Question 11] We understand how cyber attacks or a targeted attack such as an Advanced Persistent Threat (APT) work.
[Question 12] Important system resources such as public servers and databases are classified.
[Question 13] Important data including personally identifiable information and confidential information are classified.
[Question 14] We’ve documented and understand the details of our corporate network and systems.
[Question 15] Dedicated resources for handling security incidents exist inside or outside the organization.
[Question 16] Reporting structure, in the event of security incidents, is in place.
[Question 17] A process for handling security incidents is documented.
[Question 18] Security policies exist within the organization, and are shared and communicated regularly with employees.
[Question 19] A group or process for gathering security-related information exists within the organization.
[Question 20] Even if above is not in place, we gather security-related information from security vendors and/or a system integrator.
[Question 21] Critical information is protected using Data Loss Prevention (DLP) products that block unauthorized data exchange.
[Question 22] Critical information is encrypted.
[Question 23] Vulnerability assessment or penetration testing is carried out on public-facing systems before availability.
[Question 24] Various security technologies and features, available in security software installed on servers and workstations, are deployed and used.
[Question 25] Technology that can identify suspicious/malicious behavior is used to monitor network traffic.
Top of page