Legend:
DW = divineway.cz
SELF = customer
VEND. = website vendor
★ = added recommendation
CORE
Level 1 · Minimum Baseline
If you do nothing else, do this. Eliminates the most common causes of security incidents regardless of company size.
Identity & Access
Passwords min. 15 characters, mixed types
SELF
Password manager (Bitwarden, 1Password)
DW
MFA on all critical accounts (email, cloud, banking)
DW+SELF
Never reuse passwords across accounts
SELF
★ Account breach monitoring (HaveIBeenPwned)
DW+SELF
Devices & Software
Antivirus on PC and mobile — ESET PROTECT Cloud
DW
Automatic OS and application updates
DW
Firewall enabled (Windows / macOS)
DW
Device encryption (BitLocker / FileVault)
DW
★ Browser security & uBlock Origin
DW
Data & Backups
Backup min. 1× weekly (disk or cloud)
DW
At least 2 copies of data (3-2-1 rule)
DW
Backup restore tested and verified
DW
Network
Strong Wi-Fi password (WPA2/WPA3)
DW+SELF
Separate guest network
DW
UPnP disabled on router
DW
★ DNS protection (Cloudflare 1.1.1.1 / NextDNS)
DW
Email & Human Factor
★ SPF, DKIM, DMARC configured on domain
DW/VEND.
Training: phishing, SMS scams, fake invoices
DW
No software from unknown sources
SELF
BASIC
Level 2 · Business Standard
Expected standard for any business handling customer data or employing staff.
Identity & Access
Central identity management (Azure AD / Google WS)
DW
MFA mandatory for all users
DW
Role-based access control (RBAC)
DW
Minimum number of admin accounts
DW
★ Formal offboarding process for departing staff
DW
Devices & Management
Central PC/mobile management (Intune / MDM)
DW
Policies: encryption, firewall, AV, updates
DW
HW/SW inventory maintained and current
DW
Standardised company PC image
DW
★ Patch management SLA defined
DW
Data & Backups
Automated backups (servers & cloud)
DW
3-2-1 backup strategy in place
DW
Restore test min. 2× per year
DW
Data retention policy (30–90 days)
DW
★ Data classified (Public / Internal / Confidential)
DW
Network & Infrastructure
Business firewall (MikroTik / Fortigate)
DW
VLAN segmentation (admin/servers/staff/guests)
DW
Availability monitoring (Zabbix / UptimeRobot)
DW
VPN for remote access
DW
★ DNS filtering (Cisco Umbrella / NextDNS Biz)
DW
Communication, IR & Human
Anti-spam & anti-phishing (Defender / Google)
DW
Public sharing links disabled by default
DW
SPF / DKIM / DMARC on company domain
DW/VEND.
★ Written incident response plan exists
DW
Security training min. 1× per year
DW
IT policy & incident reporting process
DW
SECURE
Level 3 · High Resilience
For organisations with regulatory requirements (GDPR, NIS2, ISO 27001) or after a security incident. Requires dedicated security ownership.
Identity & Access
Zero Trust architecture principles applied
DW
Conditional Access policies configured
DW
Admin hardening: PAM, JIT/JEA
DW
Regular access audits conducted
DW
★ Secrets management (Vault / Azure Key Vault)
DW
Devices & Management
EDR/XDR (Defender for Endpoint / CrowdStrike)
DW
Centralised logging & SIEM deployed
DW
OS hardening per CIS Benchmarks
DW
Dedicated admin workstations
DW
★ Vulnerability management programme (Tenable / Qualys)
DW
Data & Backups
Immutable backups (WORM — Write Once Read Many)
DW
Geo-redundant backup locations
DW
Encryption at rest & in transit (TLS 1.2+)
DW
DLP (Data Loss Prevention) configured
DW
Network & Infrastructure
IDS/IPS deployed
DW
Network microsegmentation applied
DW
Redundant internet connections
DW
Redundant power (UPS / generator)
DW
★ Threat intelligence feeds subscribed
DW
Business Continuity & Compliance
★ BCP/DR plan documented & tested
DW
★ CSIRT / SOC with escalation paths defined
DW
★ Supply chain / TPRM vetting in place
DW
★ Controls mapped to ISO 27001 / NIS2 / GDPR
DW
Human Factor
Simulated phishing campaigns run
DW
Penetration tests conducted
DW
Security Manager or external CISO assigned
DW
★ Red Team / Purple Team exercises done
DW