Risk Prompts

Uploaded by rutendogandi2008

Risk Prompts: Rutendo Gandi

Cybersecurity Threats

1. What measures are in place to protect against phishing attacks?
2. How often are cybersecurity threat assessments conducted?
3. What is the process for handling and responding to cybersecurity incidents?
4. Are employees trained to recognize and report potential cyber threats?
5. What types of cybersecurity tools (e.g., firewalls, antivirus) are deployed across the organization?
6. How often are cybersecurity tools and protocols reviewed and updated?
7. Are there any measures to protect against insider threats?
8. How are cybersecurity risks communicated to the board and senior management?

Third-Party Vendor Management

1. What criteria are used to evaluate the security practices of third-party vendors?
2. How often are third-party vendors' security policies reviewed?
3. Are there contractual agreements in place with third-party vendors regarding data security and privacy?
4. What is the process for managing third-party vendor access to sensitive information?
5. How are third-party vendors monitored for compliance with security standards?
6. What steps are taken if a third-party vendor fails to meet security requirements?
7. Are third-party vendors required to notify the organization of any security breaches?
8. What data security steps are taken when the relationship with a third-party vendor is terminated?

Data Privacy and Protection

1. Does the organization have a documented data privacy policy?
2. How often is the data privacy policy reviewed and updated?
3. What measures are in place to ensure compliance with data protection regulations (e.g., GDPR, CCPA)?
4. Are there procedures for responding to data subject access requests?
5. How is personal data encrypted both in transit and at rest?
6. What is the process for handling and reporting data breaches?
7. Are employees trained on data privacy and protection requirements?
8. How are data privacy risks assessed and mitigated?

Network Security

1. What network security controls are implemented to protect against unauthorized access?
2. How often are network security audits conducted?
3. Are there intrusion detection and prevention systems in place?
4. How is network traffic monitored for suspicious activity?
5. What measures are in place to secure wireless networks?
6. Are remote access connections secured with multi-factor authentication?
7. How often are network security policies and procedures reviewed?
8. What is the process for responding to network security incidents?

Compliance with Regulatory Requirements

1. What regulatory requirements is the organization subject to?
2. How does the organization stay updated with changes in regulatory requirements?
3. What processes are in place to ensure compliance with regulatory requirements?
4. How often are compliance audits conducted?
5. Are there documented procedures for reporting compliance issues?
6. How is employee awareness of regulatory requirements maintained?
7. What tools or systems are used to manage compliance activities?
8. Are compliance findings and remediation efforts reported to senior management?

Business Continuity Planning

1. Does the organization have a formal business continuity plan?
2. How often is the business continuity plan tested?
3. What are the key components of the business continuity plan?
4. How are critical business functions identified and prioritized in the continuity plan?
5. Who is responsible for activating the business continuity plan?
6. How often is the business continuity plan reviewed and updated?
7. Are employees trained on their roles in the business continuity plan?
8. What measures are in place to ensure continuity of operations in the event of a disruption?
