Security Brutalist Assessment

If you’ve arrived here and prefer to read the instructions first, head over to the Security Brutalist Checker Tool page.

1. Minimize Attack Surface

Not implemented

Keep a full asset inventory Remove anything unnecessary Harden what remains

2. Strong Identity & Access Management

Not implemented

Default to no access Grant only needed access Lock down admin accounts Use zero trust & segmentation

3. Data Security

Not implemented

Classify, encrypt, and control access Test, protect, and restore backups

4. Patch & Vulnerability Management

Not implemented

Scan constantly Patch fast Eliminate unsupported software

5. Incident Response

Not implemented

Have a simple, practiced plan Know how to detect, contain, recover

6. Continuous Assessment

Not implemented

Regularly scan and test Remove what’s no longer needed Continuous improvement

7. Cloud Security

Not implemented

Least privilege & IAM controls Encrypt data in transit & at rest Logging & monitoring in place

8. Email Security

Not implemented

Use SPF, DKIM, DMARC Filter or quarantine suspicious email Train users to spot phishing

9. Security Education & Awareness

Not implemented

Frequent, realistic training Phishing simulations used No-blame reporting culture