CRR Post-Assessment Questionnaire

CYBER SECURITY ADVISORS (CSA)
CYBER RESILIENCE REVIEW (CRR)
POST-ASSESSMENT QUESTIONNAIRE

Thank you for completing the Cyber Resilience Review post-assessment questionnaire. For more information about this
questionnaire or about the Cybersecurity Advisors Program, please contact Tara Brewer at [email protected]
Cybersecurity Motivation
What was your organization’s motivation to participate in the CRR? (select all that apply)
Validate a Finding

Proactive Cybersecurity Assessment/Start of Improvement Effort

Review Compliance

Obtain Professional Third-Party Opinion of Cyber Defenses

Response to Incident within Organization

Response to Incident within Industry

Reinforce Standards

Other:

Assessment Impact
As a result of the CRR, has your organization...

In which of the following CRR domains has your organization
planned, scheduled, or implemented at least one improvement?
N/A

Improved its allocation of its overall IT and/or cybersecurity budget?
Yes

Planned Scheduled Implemented

Asset Management

|

No

Established or changed your targeted cybersecurity posture?
Yes

Controls Management
Configuration and Change Management

|

No

Shared cybersecurity information with external parties?

Vulnerability Management

Yes

Incident Management

|

No

If Yes, what information is shared:

Service Continuity Management

Lessons Learned

Risk Management

Other:

External Dependencies Management

Best Practices

Training Tips

Leveraged the NIST Cybersecurity Framework?

Training and Awareness Management

Yes

|

No

Please provide a brief explanation for any improvements or changes listed above:

Quality of Assessment & Report
Did DHS establish expectations through CRR preparations?

Yes
Strongly
Agree

|

No
Neither Agree
nor Disagree

Strongly
Disagree

Explanation:

The CRR report was comprehensible, readable, and usable.
The CRR report was valuable.
The CRR met my organization’s expectations.
How could the CRR be improved?

How could the CRR report be improved?

Next Steps
Is your organization interested in participating in additional DHS cyber assessments or other services? (select all that apply)
A Re-Assessment of the Same Critical Service:

Another DHS Service:

Cyber Resilience Review (CRR)

Phishing Campaign Assessment

External Dependencies Management (EDM)

Network Risk and Vulnerability Assessment

Cyber Infrastructure Survey (CIS)

Cybersecurity Evaluation Tool

A New Assessment of a Different Critical Service:
Cyber Resilience Review (CRR)
External Dependencies Management (EDM)
Cyber Infrastructure Survey (CIS)

Industrial Control Systems Evaluation
Cyber Hygiene Scanning