An Internal Assessment is a proactive evaluation of an organization’s security posture. It helps to identify and address potential risks and vulnerabilities in information systems.
Using a Sample Checklist
The specific checklists and procedures for an internal assessment may vary based on the following:
A sample checklist from the Minnesota Counties Intergovernmental Trust (MCIT) is used
MCIT Cybersecurity Self-Assessment
MCIT’s Cybersecurity Self-Assessment Checklist is designed to help organizations minimize data and cybersecurity-related exposures
It assists in identifying areas where data security may need strengthening
The checklist consists of yes-or-no questions with sections for comments and action items
Action items are assigned to specific individuals or groups responsible for implementing corrective actions
Collaborative Approach
To maximize the checklist’s effectiveness, involve a diverse group of participants from across the organization
Administration team
Information technology staff
Cybersecurity professionals
Overview of the Checklist
The checklist is broad and aims to provide a quick overview of the organization’s current risk posture
Organizations may use different checklists or variations with distinct questions
The general format and purpose of self-assessments are consistent across most organizations