Botium Toys Controls & Compliance Checklist

Overview

This checklist evaluates cybersecurity controls and compliance efforts for Botium Toys, a fictional company undergoing a security assessment. The assessment is based on the goals, scope, and risk report outlined for Botium Toys' environment. The completed controls checklist template is available at: Botium Controls & Compliance Template .

Scope & Objectives

The scope of the review focused on Botium Toys’ internal IT infrastructure and data protection systems. The objectives included identifying current controls, determining their effectiveness, and identifying areas for improvement across authentication, software patching, antivirus use, backup systems, and training.

Control Areas Evaluated

• User Authentication & Account Management
• Security Awareness & Training
• Antivirus Protection
• Data Backup & Recovery
• Vulnerability & Patch Management

Key Findings

• Antivirus software was installed and active on most systems.
• Multi-factor authentication had not yet been implemented company-wide.
• Some backups were not tested regularly, posing potential recovery issues.
• Security awareness training was outdated and inconsistently tracked.

Recommendations

• Implement mandatory MFA across all administrative and user accounts.
• Regularly schedule backup testing and reporting.
• Update the security training curriculum and track completions quarterly.
• Patch management automation should be implemented.

Conclusion

The Botium Toys Controls & Compliance checklist provides a structured view of current controls and highlights the need for focused improvements in authentication, backup testing, and security training. This exercise demonstrates the value of structured control frameworks and regular audits to ensure compliance and minimize risk.

← Back to Portfolio