Send Prime One Security Assessment

Send security assessment responses to Cowbell

Path Params
string
enum
required

productType

Allowed:
string
required

accountId

Body Params
string
enum
required

How often does the organization perform backups of business-critical data?

Allowed:
backupTypes
array of strings
required

At least 1 is required if the backupFrequency answer is not NEVER. Allowable values and their descriptions are:
BACKUP_FREQUENCY_SEGMENTED - Segmented (either offline or air-gapped)
BACKUP_FREQUENCY_CLOUD - In a cloud service that is secured by login credentials separate from the Computer System credentials and/or requires MFA
BACKUP_FREQUENCY_TESTED_ANNUALLY - Tested at least annually
BACKUP_FREQUENCY_OTHER - Other

boolean

Are content review procedures conducted by a qualified legal adviser (e.g. solicitor) before information is published and/or disseminated to third parties by the Organisation?

boolean

Has the Organisation conducted copyright and trademark clearance searches for all trade and service marks that are or have been used by the Organisation?

string

Comments on copyrightClearanceSearch

string

Cyber crime comments. Comment if any of these is set to No (isVerifyingBankAccounts, isPreventingUnauthorizedWireTransfers, isAuthenticatingFundTransferRequests).

boolean
required

Has the Organisation sustained a Cyber Incident in the last five years?

string

Comments on cyberEvent

string
enum
required

Is an EDR tool in place across the Organisation’s Computer System?

Allowed:
string

Comment on who the vendor providing the EDR product is, only if an EDR tool is in place.

boolean
required

Is encryption of sensitive information at rest in place?

boolean
required

Is encryption of sensitive information in place for information in transit?

boolean
required

Is encryption of sensitive information in place on mobile devices?

string
enum
required

Are any EOL products in use?

Allowed:
string

Comment on usage, with supplemental control information, only if eolProducts are in use.

boolean
required

Is there an established procedure to verify changes to funds transfer instructions using a predetermined phone number of the vendor?

boolean
required

Does the Organisation prevent unauthorised employees from initiating wire transfers?

boolean
required

Does the Organisation verify vendor/supplier bank accounts before adding them to their accounts payable systems?

string
enum
required

Is MFA deployed uniformly across all Admin/Privileged Accounts?

Allowed:
string
enum
required

Is MFA deployed uniformly across all accounts and logins for access to the cloud?

Allowed:
string

Add comments, if any, when any of these MFA options (mfaEmail, mfaRemoteSystemAccess, mfaAdminAccounts, mfaCloud, mfaVendor) is set to No or N/A.

string
enum
required

Is MFA deployed uniformly across all accounts and logins for access to email?

Allowed:
string
enum
required

Is MFA deployed uniformly across all accounts and logins for access to remote systems?

Allowed:
string
enum
required

Is MFA deployed uniformly across all accounts and logins for vendor access to computer systems?

Allowed:
string
enum
required

Is Next Generation Antivirus in place across the Organisation’s Computer System?

Allowed:
string

Who is the vendor providing the NGAV product?

string

Add comments if BACKUP_FREQUENCY_OTHER is set as one of the values for backupTypes.

string
enum
required

How often does the Organisation apply updates to Computer Systems and applications when a patch is released?

Allowed:
boolean
required

Does the Organisation have a written Business Continuity plan, in place and tested at least annually, related to a potential interruption of their Computer Systems?

boolean
required

Does the Organisation have a written Disaster Recovery plan, in place and tested at least annually, related to a potential interruption of their Computer Systems?

boolean
required

Does the Organisation have a written Incident Response plan, in place and tested at least annually, related to a potential interruption of their Computer Systems?

string

Comments pertaining to contingency plans, i.e. Disaster Recovery, Incident Response, Business Continuity

string
enum
required

Does the Organisation have a current in-force Cyber insurance policy?

Allowed:
boolean
required

Is the Organisation or any person aware of any prior or pending circumstances that could lead to a claim under the proposed policy?

string

Comments on priorOrPendingClaimCircumstances

boolean
required

In the past five years, has the Organisation been subject to litigation resulting from a privacy incident? This includes regulatory and civil action.

string

Comments on privacyLitigation

boolean
required

Is cybersecurity training required for all employees with Computer System access at least annually?

boolean
required

During the last three years, has the Organisation suffered loss of business income as a result of unscheduled system downtime?

string

Comments on unscheduledSystemDowntime

boolean
required

Does the Organisation have a vendor management programme to ensure third parties' levels of security are commensurate with the Organisation's cybersecurity standard?

Responses

403

Forbidden
