| Risk Assessment Factors |
YES |
NO |
| 1. |
Company operates in areas with significant regional conflict, e.g., the Middle East, Northern Ireland, etc. |
|
|
| 2. |
Company makes defense-related products |
|
|
| 3. |
Company makes sensitive products |
|
|
| 4. |
Company has known national security connections |
|
|
| 5. |
Overseas operations contribute substantial revenues |
|
|
| 6. |
Significant number of foreign joint ventures |
|
|
| 7. |
Computer and network infrastructure decentralized |
|
|
| 8. |
Substantial number of employees have Internet access |
|
|
| 9. |
Major merger/acquisition in last 24 months |
|
|
| 10. |
Recent or pending downsizing |
|
|
| 11. |
High workforce turnover |
|
|
| 12. |
High percentage of temps, contractors and consultants in workforce |
|
|
| 13. |
Heavy use of computers in product design and development |
|
|
| 14. |
Substantial amounts of sensitive data stored in electronic format |
|
|
| 15. |
Industry leader |
|
|
| 16 |
High tech products contribute substantial revenues |
|
|
| 17. |
Breakthrough products in development or on the horizon |
|
|
| 18. |
No competitive intelligence program |
|
|
| 19. |
Significant e-business or e-commerce presence |
|
|
| 20. |
Rudimentary or no physical security program |
|
|
| 21. |
No formal protection of proprietary information |
|
|
| 22. |
No formal IS security program |
|
|
| 23 |
There have been prior attacks on the company's IS infrastructure |
|
|
