The purpose of this tool is to encourage dialog and help an organization assess the state of its network security. Areas included in this review include security policies and procedures, organizational structure, security architecture, internal network security, host vulnerability assessment, and incident response.

This template reviews the network security for a university, but it can be modified to fit any organization’s structure and needs. Sample benchmarking questions include: Would you characterize the information technology (IT) environment as centralized or decentralized? Do the various departments have their own IT staff? Who is ultimately responsible for IT?