Do you currently employ or work with an organization that manages your IT Security?
Do you currently have a firewall or any other network security devices?
Do you utilize network segmentation? For example (Guest network separate from Employee Workstation network etc)
Do you have a patch management policy?
How often does your company undergo security awareness training (Social Engineering, Phishing etc)
Are you currently analyzing and collecting active log sources? (Login attempts etc)
How often do you have Internal and External Vulnerability Assessments?
When was the last time you had a Penetration Test?
