Cybersecurity assessment


Welcome on FEDIL Cybersecurity assessment online tool !

Based on FEDIL-ICT & EY Cybersecurity study, a set of 50 security practices was set to pave the way of companies and organisations in their Cyber security journey and to strengthen broadly the security footprint of Luxembourg. This tool aims at supporting companies and organisations in adopting a common approach in regard to the security objectives, security requirements and security measures across the Luxembourg market.


With this 50 best practices, “business driven”, practical and easy understandable, you will:

  • Bench the risk profile of your company with those of competitors of same size and within same industry to adopt an adapted security roadmap,
  • Be able to assess objectively your current level of security and to be back (e.g. risk analysis) to basics to fill the gaps,
  • Among all best practices, start launching awareness campaigns targeting both in an out of IT organization to engage all your company in the security journey,
  • Keep Luxembourg Cyber community living and continue to share and enrich the catalog of best practices : succeed together!
  • Support FEDIL in identifying areas where there is a need for awareness raising on cybersecurity.

For each section, you should answer the two following questions :

  • What is the minimum standard level of security standards that should be applied ?
  • What is the level of security reached by my company ?

Please, use the following control maturity level rating scale:

  • 1 - Non existant = Control is not designed/documented (i.e. in processes/procedures, dedicated checklist, assessment tool-s) nor implemented.
  • 2 - Initial = Basic, ad-hoc, undocumented; changing capability may be in place with some technology and tools; limited local processes; limited organizational support.
  • 3 - Managed = Partial capability is in place with a combination of some technology and tools; local processes covering some regions/business units or processes are repeatable but may not be good practice or maintained; limited organizational support to implement good practice.
  • 4 - Defined = Defined capability is in place with significant technology and tools for some key resources and people; processes defined for some regions and/or business units; organizational guidance and support is in place for some key regions and/or business units.
  • 5 - Measured = Mature capability is in place with advanced technology and tools for most key resources and people; consistent processes exist for most regions and/or business units; some governance is in place (accountability/ responsibility/ metrics) for most key regions and/or business units.

The first results are based on FEDIL-ICT & EY study which has allowed to draw the first national picture of current level of maturity of the Luxembourg market.