Security Assessment

Client Environment

This questionnaire compiles the information required to produce accurate pricing and implementation timeframe estimates.
Please fill out as much information as possible. If clarification is needed, or information is unknown, please contact your salesperson.

Company Information

Company Name:*
Point of Contact Name:*
Point of Contact Title:*
Email Address:*
Primary Telephone:*
Secondary Telephone:
Physical Address (If multiple, list all):*
Regulatory Environment (PCI, NCUA, HIPAA, SOC II, SOX, FISMA, etc.):*
Required Assessment Result Deadline:
Please list any additional comments or information about your environment you feel is pertinent to your assessment:*
What is your goal or objective for this assessment?:*

Assessment Information

Type of Testing (Check desired assessment type or types):

In-depth security testing which reviews an organization's technical, operational, and management controls. Testing activities include interviews with key personnel responsible for security, documentation review of policies and procedures, independent verification and validation of implemented solutions, and vulnerability scanning of identified assets.

Uncovers weaknesses and identifies critical flaws in your network that an attacker could exploit.

Targeted testing which attempts to exploit flaws in system design/architecture, with knowledge of the system, including application types/versions, etc.

Targeted testing which attempts to exploit flaws in system design/architecture, with NO knowledge of the system.

Mimics activities used by attackers to trick employees into revealing sensitive data. Methods may include phone, internet-based (e.g. email phishing), or on-site engagements.

Independent compliance confirmation with industry standards and regulations including PCI, FISMA, HIPAA, NCUA, FDIC, Sarbanes-Oxley, SANS 20, etc.

List regulation, standard, or framework for Audit:

Client Environment

Is an on-site inspection of physical controls in scope?
If so, list sites and locations.

How many external IP addresses are in-scope?

How many internal IP addresses are in-scope?

Are there any web applications in-scope?
If so, list number and briefly describe in-scope applications.

Do in-scope web applications collect or process payment card information?

Do in-scope web applications collect or process Personal Health Information (PHI)?

Do in-scope web applications collect or store other Personally Identifiable Information (PII)?

Are websites hosted internally or via a third party hosting provider?
If hosted, please list hosting provider.

Web Servers - List versions with instance counts:

Web Applications - List versions with instance counts.

Web Content Management Systems - List versions with instance counts.

How many server-type systems are in-scope? (Both physical and virtual):

How many desktop systems are in-scope?

How many laptop systems are in-scope?

How many security appliances are in use? (Firewalls, IDS/IPS, etc.)

Approximately how many network devices does the organization have (regardless of assessment scope, this question helps us gauge size and complexity of environment)?

Are your server systems located in-house or at a third-party co-location facility? If Co-Lo, please list provider and location(s).

Do you utilize any Cloud based systems? If so, please list Cloud Service Provider and service provided.

Are any of the Cloud-based systems noted above in scope for this assessment? If so, which?

Do you utilize any hosted systems? If so, please list hosting provider.

Are any of the hosted systems noted above in scope for this assessment? If so, which?

Do you utilize a third party provider to manage or monitor your network? If so, please list provider.

Do you have an IT Steering Committee?

Do you have an IT Security or Compliance Committee?

Who is the person primarily responsible for technology? (List name and title)

Who is the person primarily responsible for security? (List name and title)

Who is the person primarily responsible for compliance? (List name and title)

Do you have documented security policies implemented for the following? Check all that apply.

Do you allow employees to connect personally owned devices to the corporate network (BYOD)? If so, are any of these devices in-scope?

Have any significant changes occurred within the technology environment in the last 12 months?

Are any significant changes planned within the next 12 months?

Are there known limitations or exclusions from this assessment?

Has the organization undergone a similar assessment in the past?

Has the organization experienced any known security incidents or breaches in the preceding 12 months? If yes, please describe incident.
Panthera Technologies Corp HQ | 10461 Mill Run Circle, Suite 200 | Owings Mills, MD 21117
Columbia | 6750 Alexander Bell Dr Suite 100 | Columbia, MD 21046
Georgia | 2300 Lakeview Parkway Suite 700 | Alpharetta Georgia 30009
Virginia | 11720 Sunrise Valley Drive Suite LL-01 | Reston, VA 20191
Phone: (410) 696-5808 | Fax: (410) 696-5780 | Email:
Copyright 2005-2017 Panthera Technologies. All Rights Reserved.