Let's do a self-inspection of information security measures. Introducing a free checklist

Nowadays, information security measures are necessary for both individuals and organizations. That said, there are many different types of countermeasures available, so many people do not know what countermeasures to take. In such a case, firstSelf-inspection (self-check)Let's start with.

What is self-inspection?

As cyber-attacks become more sophisticated, interest in information security is increasing. Many people, both individuals and organizations, are concerned about their own (company's) security level.

Recently, many institutionsSelf-checklist for self-inspectionhas been distributed, making it easy to diagnose the security level of individuals and organizations.Depending on the site, it is also possible to take a simple test on the web.is.

If you are just starting to implement information security measures, start by using this self-checklist to understand your own situation.

Also, some companies conduct self-inspections before conducting an audit of information security measures, but in that case, there are companies that prescribe more detailed inspection methods, such as the Information Security Audit Standards (Ministry of Economy, Trade and Industry). Please refer to them.

How to use the checklist

Depending on the type, some self-inspections can be completed in about 5 minutes. It's free and easy, so many people may have already tried it. but,Be careful when using checklists for self-diagnosisis.

When starting information security measures, it is good to start with self-inspection.Be careful not to be overconfident. We only recommend self-inspection,“Roughly” understand your own (company’s) security levelBecause you can. In other words, you can only check "roughly".

Information security measures do not originally have a fixed form.Different forms are suitable for each individual and company..Different countermeasures require different items to be checked, but checklists that are generally available for free cannot accommodate these differences.

Even if you get a perfect score on the free self-assessment toolDon't be satisfied with thinking that your security measures are perfect., consider whether there are any shortcomings while comparing it to your own situation.

Types of free checklists

Free self-inspection tools regarding various information security measures are available from governments, public organizations, and private companies. Let's briefly summarize the characteristics of each.

Organizational information security measures diagnostic test Information security measures benchmark

Provided by : Information-technology Promotion Agency (IPA)
Target : Organization
Details : You can diagnose the level of information security measures as an organization. In addition, it has a function that allows you to compare your company's countermeasure status with that of similar companies based on the nearly 6,000 diagnostic data collected so far.

You can do it in 5 minutes! Information security in-house diagnosis sheet/brochure

Provided by : Information-technology Promotion Agency (IPA)
Target : individuals, organizations
Details : You can diagnose basic knowledge, measures taken by individual employees, and measures taken as an organization. It is a very convenient and inexpensive diagnosis.

Information security measures self-checklist

Provided by : Japan Network Security Association (JNSA), a specified non-profit organization
Target : individuals, organizations
Details : Divided into four chapters: Email, Computer, Office, and Organization, it can be used to diagnose the security level of an organization and the security level of each individual within an organization.

Information security understanding check

Provided by : Japan Network Security Association (JINSA)
Target : Individuals
Details : Divided into 8 areas: email, internet, viruses, passwords, computers, offices, rules, and information security outside the company, and mainly allows you to diagnose the information security level of each individual within your organization.

Judgment from a third party’s perspective is important

You can use the checklist above to understand your own information security level. However, as I have said many times,Self-inspection only provides a “rough” understanding of the situation.However, even if you have completed the checklist perfectly, this does not mean that your information security measures are in perfect condition. In order to take more appropriate measures,It is better to consult an expert who has many cases and knowledge..

In addition, when conducting an information security audit, it is necessary to prepare a list with an even larger number of check items than the one introduced here, and to carefully check each item one by one. There are many things that cannot be determined through self-diagnosis. The audit was originally commissioned externally.Ask them to make an objective judgment from a third party's perspectivePlease actively utilize outside experts.

[Reference site]

・Organizational information security measures diagnostic test Information security measures benchmark | Information-technology Promotion Agency (IPA)
・Information security self-diagnosis checklist | Cabinet Secretariat Information Security Center (NISC)
・Can be done in 5 minutes! Information security in-house diagnosis sheet/brochure | Information-technology Promotion Agency (IPA)
・Information security understanding check | Japan Network Security Association (JNSA), a specified non-profit organization