CIS Post-Assessment Questionnaire

CYBER SECURITY ADVISORS (CSA)
CYBER INFRASTRUCTURE SURVEY (CIS)
POST-ASSESSMENT QUESTIONNAIRE

Thank you for completing the Cyber Infrastructure Survey post-assessment questionnaire. For more information about this
questionnaire or about the Cybersecurity Advisors Program, please contact Tara Brewer at [email protected]
Cybersecurity Motivation
What was your organization’s motivation to participate in the CIS? (select all that apply)
Validate a Finding

Proactive Cybersecurity Assessment/Start of Improvement Effort

Review Compliance

Obtain Professional Third-Party Opinion of Cyber Defenses

Response to Incident within Organization

Response to Incident within Industry

Reinforce Standards

Other:

Survey Impact
As a result of the CIS, has your organization...

In which of the following CIS domains has your organization
planned, scheduled, or implemented at least one improvement?
N/A

Improved its allocation of its overall IT and/or cybersecurity budget?
Yes

Planned Scheduled Implemented

Cybersecurity Management

Leadership roles and responsibilities, documentation,
lifecycle tracking, information sharing, accreditation,
assessment, and audits

|

No

Established or changed your targeted cybersecurity posture?
Yes

Cybersecurity Forces

Personnel assigned to maintain and operate critical
services

|

No

Shared cybersecurity information with external parties?
Yes

Cybersecurity Controls

An effective baseline of security controls governing
the critical service

|

No

If Yes, what information is shared:
Lessons Learned

Incident Response

Preparation for an incident that affects the critical
service

Best Practices

Training Tips

Other:

Dependencies

Leveraged the NIST Cybersecurity Framework?

Critical service’s dependence on data generated or
stored by a system and the organization’s mitigating
controls and procedures

Yes

|

No

Please provide a brief explanation for any improvements or changes listed above:

Quality of Survey & Dashboard
Did DHS establish expectations through CIS preparations?

Yes
Strongly
Agree

|

No
Neither Agree
nor Disagree

Strongly
Disagree

Explanation:

The dashboard was comprehensible, readable, and usable.
The dashboard was valuable.
The survey met my organization’s expectations.
How could the CIS be improved?

How could the CIS dashboard be improved?

Next Steps
Is your organization interested in participating in additional DHS cyber assessments or other services? (select all that apply)
A Re-Assessment of the Same Critical Service:

Another DHS Service:

Cyber Resilience Review (CRR)

Phishing Campaign Assessment

External Dependencies Management (EDM)

Network Risk and Vulnerability Assessment

Cyber Infrastructure Survey (CIS)

Cybersecurity Evaluation Tool

A New Assessment of a Different Critical Service:
Cyber Resilience Review (CRR)
External Dependencies Management (EDM)
Cyber Infrastructure Survey (CIS)

Industrial Control Systems Evaluation
Cyber Hygiene Scanning