| s_1_1 |
What are your responsibilities in your organization? Select one or more - Management related tasks |
| s_1_2 |
What are your responsibilities in your organization? Select one or more - IT-security related tasks |
| s_1_3 |
What are your responsibilities in your organization? Select one or more - Privacy/data protection related tasks |
| s_1_4 |
What are your responsibilities in your organization? Select one or more - Software development related tasks |
| s_1_5 |
What are your responsibilities in your organization? Select one or more - IT administrator related tasks |
| s_1_6 |
What are your responsibilities in your organization? Select one or more - Other, please specify |
| s_134 |
What are your responsibilities in your organization? Select one or more - Other, please specify |
| s_3 |
How many employees are there in your organisation? |
| s_2_1 |
What industry sector is your organisation in? - Media & Publishing |
| s_2_2 |
What industry sector is your organisation in? - Health care |
| s_2_3 |
What industry sector is your organisation in? - Financial services |
| s_2_4 |
What industry sector is your organisation in? - Software development |
| s_2_5 |
What industry sector is your organisation in? - Entertainment & Music |
| s_2_6 |
What industry sector is your organisation in? - Education |
| s_2_7 |
What industry sector is your organisation in? - Manufacturing |
| s_2_8 |
What industry sector is your organisation in? - Consultancy |
| s_2_9 |
What industry sector is your organisation in? - Life Sciences and Pharmaceuticals |
| s_2_10 |
What industry sector is your organisation in? - Insurance |
| s_2_11 |
What industry sector is your organisation in? - Other |
| s_43_1 |
In which countries does your organisation have branches? Select one or more - Denmark |
| s_43_2 |
In which countries does your organisation have branches? Select one or more - Other Nordic countries |
| s_43_3 |
In which countries does your organisation have branches? Select one or more - Other EU countries (non-Nordic) |
| s_43_4 |
In which countries does your organisation have branches? Select one or more - Non-EU countries |
| s_44 |
What is your organisation’s turnover (in DKK)? |
| s_105 |
Do you have a yearly budget allocated for Security & Privacy needs? |
| s_106 |
If YES, what percentage of your IT budget does it constitute? |
| s_136 |
To what extent your organization has outsourced IT systems and IT security? |
| s_46_1 |
How do you measure your cyber-security and privacy readiness? Select one or more - We rely on the IT solutions derived from established security and privacy standards |
| s_46_2 |
How do you measure your cyber-security and privacy readiness? Select one or more - Internal method/ framework/ procedure |
| s_46_3 |
How do you measure your cyber-security and privacy readiness? Select one or more - We do not have any measures |
| s_46_4 |
How do you measure your cyber-security and privacy readiness? Select one or more - Not sure |
| s_48_1 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - ISO/IEC 27001 |
| s_48_2 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - ISO 27701 |
| s_48_3 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Center for Internet Security - Critical Security Controls (CIS CSC) |
| s_48_4 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Control Objectives for Information and Related Technologies (COBIT) |
| s_48_5 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Security for Industrial Automation and Control Systems (ANSI/ISA-62443) |
| s_48_6 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - NIST Special Publication 800-53 (NIST SP 800-53) |
| s_48_7 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Payment Card Industry Data Security Standard (PCI DSS) |
| s_48_8 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - UK National Cyber Security Centre (NCSC) 10 Steps |
| s_48_9 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - UK National Health System (NHS) Digital Data Security and Protection Toolkit |
| s_48_10 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Cyber Assessment Framework (CAF) |
| s_48_11 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Information Assurance Small and Medium Enterprises (IASME) |
| s_48_12 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Host-Based Security System (HBSS) |
| s_48_13 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Structured Threat Information Expressions (STIX) |
| s_48_14 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Assured Compliance Accreditation Solutions (ACAS) |
| s_48_15 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Cyber Federated Model (CFM) |
| s_48_16 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Other, please specify |
| s_5 |
If you rely on established standards to measure your cyber-security and privacy readiness, which ones do you use? Select one or more - Other, please specify |
| s_47_1 |
How is your security and privacy practice defined? Select one or more - Practices to be followed defined at the company level |
| s_47_2 |
How is your security and privacy practice defined? Select one or more - Practices to be followed defined at the project level |
| s_47_3 |
How is your security and privacy practice defined? Select one or more - Practices improved based on previous experience/ projects |
| s_47_4 |
How is your security and privacy practice defined? Select one or more - Other, please specify |
| s_6 |
How is your security and privacy practice defined? Select one or more - Other, please specify |
| s_49 |
Are the methods/ practices/ standards of the company, always followed in all the situations? |
| s_50_1 |
If NO, why? Select one or more - They are not always compatible with the functional requirements of our products |
| s_50_2 |
If NO, why? Select one or more - I feel that they are not very helpful in protecting security and privacy |
| s_50_3 |
If NO, why? Select one or more - They interfere with other workflows in the organisation |
| s_50_4 |
If NO, why? Select one or more - They are too complicated to follow exactly as defined |
| s_50_5 |
If NO, why? Select one or more - We don't have time or resources to follow them exactly as defined |
| s_50_6 |
If NO, why? Select one or more - The management does not think they should be followed exactly as defined |
| s_50_7 |
If NO, why? Select one or more - Other, please specify |
| s_7 |
If NO, why? Select one or more - Other, please specify |
| s_52_1 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Network (MAC/IP addresses, domains, and/or packet data) |
| s_52_2 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Operating system (type and version) |
| s_52_3 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Execution logs |
| s_52_4 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Login/logout logs |
| s_52_5 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Temporary files |
| s_52_6 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Device (identifiers and related information) |
| s_52_7 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Closed-circuit recordings |
| s_52_8 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Key-logs |
| s_52_9 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - E-mails |
| s_52_10 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Browser history |
| s_52_11 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Sensor data |
| s_52_12 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Memory data |
| s_52_13 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Other, please specify |
| s_8 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Other, please specify |
| s_54_1 |
Which policies are adopted to prevent security and privacy problems working remotely? Select one or more - Doing work only through the organisation's VPN |
| s_54_2 |
Which policies are adopted to prevent security and privacy problems working remotely? Select one or more - Having personnel working only on organisation-provided devices |
| s_54_3 |
Which policies are adopted to prevent security and privacy problems working remotely? Select one or more - Ensuring that the data from these services is only stored within the organisation IT infrastructure |
| s_54_4 |
Which policies are adopted to prevent security and privacy problems working remotely? Select one or more - Making sure there is a data agreement with the providers of the remote work services |
| s_54_5 |
Which policies are adopted to prevent security and privacy problems working remotely? Select one or more - Other, please specify |
| s_9 |
Which policies are adopted to prevent security and privacy problems working remotely? Select one or more - Other, please specify |
| s_57 |
Has anything in the security and privacy practices of your organisation changed since the introduction of the GDPR regarding the following aspects? - Which data is collected by the organisation |
| s_58 |
Has anything in the security and privacy practices of your organisation changed since the introduction of the GDPR regarding the following aspects? - How the data subjects are informed about data collection |
| s_59 |
Has anything in the security and privacy practices of your organisation changed since the introduction of the GDPR regarding the following aspects? - How the collected data is stored |
| s_60 |
Has anything in the security and privacy practices of your organisation changed since the introduction of the GDPR regarding the following aspects? - How the collected data is shared |
| s_61 |
Has anything in the security and privacy practices of your organisation changed since the introduction of the GDPR regarding the following aspects? - How the collected data is deleted |
| s_62 |
Has anything in the security and privacy practices of your organisation changed since the introduction of the GDPR regarding the following aspects? - Which controls are provided to the data subjects |
| s_63 |
Does your organisation collect personal data of people outside the organisation (e.g. users, customers, suppliers etc.) |
| s_65_1 |
If your organisation collects personal data, what controls over the collected data are provided to the data subjects? Select one or more - Request an overview of data collected from them |
| s_65_2 |
If your organisation collects personal data, what controls over the collected data are provided to the data subjects? Select one or more - Request to delete the data collected from them |
| s_65_3 |
If your organisation collects personal data, what controls over the collected data are provided to the data subjects? Select one or more - Request to correct the data collected from them |
| s_65_4 |
If your organisation collects personal data, what controls over the collected data are provided to the data subjects? Select one or more - Decide which data they want to share |
| s_65_5 |
If your organisation collects personal data, what controls over the collected data are provided to the data subjects? Select one or more - Other, please specify |
| s_10 |
If your organisation collects personal data, what controls over the collected data are provided to the data subjects? Select one or more - Other, please specify |
| s_90_1 |
Which development method you use (in part or whole) at your company? Select one or more - Classic Waterfall |
| s_90_2 |
Which development method you use (in part or whole) at your company? Select one or more - Iterative development |
| s_90_3 |
Which development method you use (in part or whole) at your company? Select one or more - V-shaped model |
| s_90_4 |
Which development method you use (in part or whole) at your company? Select one or more - Spiral |
| s_90_5 |
Which development method you use (in part or whole) at your company? Select one or more - Scaled Agile (SAFe) |
| s_90_6 |
Which development method you use (in part or whole) at your company? Select one or more - Large-Scale Scrum |
| s_90_7 |
Which development method you use (in part or whole) at your company? Select one or more - Lean Development |
| s_90_8 |
Which development method you use (in part or whole) at your company? Select one or more - XP |
| s_90_9 |
Which development method you use (in part or whole) at your company? Select one or more - Kanban |
| s_90_10 |
Which development method you use (in part or whole) at your company? Select one or more - Devops |
| s_90_11 |
Which development method you use (in part or whole) at your company? Select one or more - Other, please specify |
| s_12 |
Which development method you use (in part or whole) at your company? Select one or more - Other, please specify |
| s_91 |
What is your frequency of software releases? (e.g., Major releases, Minor releases) Select one or more |
| s_92 |
When do you integrate security/ privacy into your development practices? |
| s_13 |
When do you integrate security/ privacy into your development practices? - Other, please specify |
| s_94 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Simulation |
| s_114 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Testing |
| s_115 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Performance analysis and profiling |
| s_116 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Core review |
| s_117 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Formal verification |
| s_118 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Intrusion detection systems |
| s_119 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Circuit breakers, load balancers, network isolation |
| s_121 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Permission management |
| s_122 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Safe-by-design programming languages (e.g., Rust, Haskell) |
| s_123 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Blameless post-mortem meetings |
| s_124 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Peer-review |
| s_125 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Penetration testing |
| s_126 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Blu-Red Team exercises |
| s_127 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Dev(Sec)Ops |
| s_128 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Site Reliability Engineering |
| s_129 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Anonymisation of data |
| s_130 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Pseudonymisaton of data |
| s_131 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Encryption |
| s_132 |
Do you use any of these tools/ procedures to ensure software reliability, security, and privacy? - Timely deletion of data |
| s_133 |
Do you use any further tools/ procedures to ensure software reliability, security, and privacy? |
| s_137 |
Do you use any further tools/ procedures to ensure software reliability, security, and privacy? - Yes, namely : |
| s_96 |
Are the methods/practices /standards for security and privacy protection in the development processes, always followed in all the situations? |
| s_97_1 |
If NO, why? - They are not always compatible with the functional requirements of our products |
| s_97_2 |
If NO, why? - I don't believe that they are helpful in protecting security and privacy |
| s_97_3 |
If NO, why? - They interfere with other workflows of my tasks and responsibilities |
| s_97_4 |
If NO, why? - They are too complicated to follow exactly as defined |
| s_97_5 |
If NO, why? - We don't have time or resources to follow them exactly as defined |
| s_97_6 |
If NO, why? - The management does not think they should be followed exactly as defined |
| s_97_7 |
If NO, why? - Other, please specify |
| s_11_1 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Sharing passwords with friends/ colleagues |
| s_11_2 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Using passwords that are not secure (e.g., less than 12 characters or using family names or dates of birth) |
| s_11_3 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Using the same password for multiple systems |
| s_11_4 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Using personal online storage systems to exchange and/or keep work-related data |
| s_11_5 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Using free-to-access public Wi-Fi to work or with a device containing work-related data |
| s_11_6 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Downloading programs from the Internet without the authorisation of the IT department |
| s_11_7 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Disabling the anti-virus on work computers to download or run programs from the Internet |
| s_11_8 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Accepting friend requests on social media from unknown people |
| s_11_9 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Clicking on links contained in unsolicited emails or from an unknown source |
| s_11_10 |
Which of these behaviours have you practiced yourself or observed among your colleagues? Select one or more - Sending information (personal, work-related) to strangers over the Internet |
| s_67_1 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - Customers' and/or suppliers' data |
| s_67_2 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - Intellectual property |
| s_67_3 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - IT infrastructure |
| s_67_4 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - Social media accounts |
| s_67_5 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - Physical systems (health, transportation, goods) |
| s_67_6 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - Our website |
| s_67_7 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - Employees' data |
| s_67_8 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - Other, please specify |
| s_11 |
What kind of assets of your organisation can be susceptible to a cyber-attack? Select one or more - Other, please specify |
| s_108 |
How familiar are you with the security and privacy policies your organization wants you to follow? |
| s_109 |
If you are familiar with the security and privacy policies, how challenging are they to follow? |
| s_111 |
If you are familiar with the security and privacy policies, how helpful do you think are they in protecting against security and privacy risks? |
| s_73 |
What is your experience with security and privacy awareness trainings at your company? |
| s_72 |
To what extent has pandemic affected your working style, in particular remote working? |
| s_74 |
If you started working remotely after the pandemic, how challenging do you find it to comply to the security and privacy policies of your organisation regarding remote work? |
| s_87 |
How did your concerns regarding security and privacy in your organizations change because of the pandemic? |
| s_110 |
Do you know how to report a security and privacy incident (such as a cyber attack or a data leak) in your organisation? |
| s_13_1 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Network (MAC/IP addresses, domains, and/or packet data) |
| s_13_2 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Operating system (type and version) |
| s_13_3 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Execution logs |
| s_13_4 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Login/logout logs |
| s_13_5 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Temporary files |
| s_13_6 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Device (identifiers and related information) |
| s_13_7 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Closed-circuit recordings |
| s_13_8 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Key-logs |
| s_13_9 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - E-mails |
| s_13_10 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Browser history |
| s_13_11 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Sensor data |
| s_13_12 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Memory data |
| s_13_13 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Other, please specify |
| s_4 |
What kind of information do you gather when investigating a cyber-security incident? Select one or more - Other, please specify |
| stato_1 |
Overall Status - New |
| stato_2 |
Overall Status - Distributed |
| stato_3 |
Overall Status - Partially Complete |
| stato_4 |
Overall Status - Complete |
| stato_5 |
Overall Status - Rejected |
| Løbenummer |
Ikke betydningsbærende unikt løbenummer skabt under aflevering til arkiv |