ReadyNine | [email protected] | 500 W. Madison Street, Suite 1000, Chicago, IL 60661 Security Assessments These questions are designed to ensure that your organization identifies and hardens attack surfaces. 1. When was your last risk assessment performed and who completed this task? a. Were there critical findings? b. If yes: i. Were those findings remediated? ii. Were those remediations validated? 2. Do you regularly conduct internal and external penetration test? If yes: a. How often? b. What kind? c. When was the last test? d. Were all adverse findings remediated? e. Who conducts your internal and external vulnerability testing? 3. Is the penetration tester independent of your current IT team?