SlideShare ist ein Scribd-Unternehmen logo

Security Policy Checklist

•
•
B
backdoor
Wirtschaft & FinanzenTechnologie
1 von 7
Downloaden Sie, um offline zu lesen
Checklist: IT Security Policy Version 1.0 April 27, 2005 By David M Davis, CCIE, MCSE Every organization, large or small, needs a solid IT Security Policy. The following comprehensive checklist can help you get started in creating a policy, or it can help audit the one you already have. This checklist, based on suggestions submitted by TechRepublic members, covers a wide variety of technologies and issues, and provides some helpful recommendations. Planning Item Notes Web browsing Document the central point of control for Web browsing. Perhaps it is a proxy server, a router, or a firewall. Document who has access to determine who can perform Web browsing, what Web sites users can access, and when they can access those sites. Some newer Web browsing content control systems can even categorize sites and control who can access certain categories of sites and for how long (i.e. Joe can only access news sites for 20 minutes per day). Document the method for reporting who is browsing the Web, what sites they are visiting, who those reports will be delivered to, and how often. Document what the process is if an employee visits improper sites or engages in excessive Web browsing, and define those two actions. Also, is it the job of IT to notify their supervisor? Log all Web browsing activity, making sure to record the username, and make it clear in the policy that this is a company practice. Ensure that all employees are aware of the company’s Web browsing policy. This is important since most employees will browse the Web everyday and the security policy about Web browsing is something that will most likely affect them. Implement Windows Group Policy settings (if using Active Directory) on Internet Explorer to strengthen end user systems and protect from some malicious Web content. For example, using GPO you can standardize Windows IE settings throughout the company to that browsers do not download unsigned ActiveX components. Make it a company policy not to download unsigned ActiveX controls unless they are approved by IT Put download security software in place to prevent adware, malware, and spyware from being unknowingly installed on users’ machines. Use this download security software to block/quarantine certain types of downloads (perhaps MP3s or videos) and to scan other downloads for viruses. Page 1 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
Checklist: IT Security Policy Username and passwords Implement complex password requirements. This can be done with a Windows policy. Using a Group Policy (if possible), force passwords to be reasonable long, to expire every few months, to prevent the reuse of old passwords, and to lock out users with too many failed logins. Log successful and failed logins and logouts. This is especially important for administrator accounts. Consider renaming the default quot;Administratorquot; account so that it is less of a target for password cracking. Consider using Single-Sign-On (SSO) so that all users only have one username/password to remember for all applications. This is only important if you have multiple username/password databases for authentication (such as Windows, Linux/UNIX, and Novell) or if you have different applications with their own username/password database. Document your policy on usernames and passwords and educate users on the proper use of them. Periodically perform in-house password cracking attempts on administrator accounts to test the strength of passwords. This can be done with a tool such as L0ptcrack. Instant Messaging Seriously consider blocking all instant messaging (IM) unless it is needed for business reasons. If IM is needed for business reasons, implement a program to control who can use it, what software they can use, and log all conversations. Programs that do this can also control the content that is passed through the IM conversations and whether they can send/receive downloads through IM (which can open up the company to virus, malware, and privacy concerns). Document and educate users on your IM policies. E-Mail Document what level of storage will be required from each e- mail user. Determine what will be the consequences when an e-mail user exceeds their quota (such as preventing them from sending and/or receiving email). Control external access to internal groups (such as “all employees”). Consider performing e-mail content control to prevent trade secrets or confidential information from exiting the company. Page 2 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
Checklist: IT Security Policy Implement a corporate e-mail anti-spam program. Educate users on the proper use of e-mail and how they should not give out their e-mail address to companies that might send them spam. Educate users on what to do if they do receive spam. Implement e-mail antivirus scanning Implement an email archiving program. Depending on the advice of your company’s legal team, the archive program may be used more to destroy email at set expiration dates instead of preserving email. The other function of the archiving program is to control the size of the email database. Develop a policy on using company e-mail for personal use (including the forwarding of jokes and chain letters) and decide what is quot;acceptable use.quot; Educate users on this policy. Educate users on “phishing” scams to help prevent identity theft. File access permissions Document who the owners are for critical files. These will be the persons who determine who has access to what. Determining who has access to what should not be an IT function. The function of IT is to configure that access within the operating system or application once it is determined. Watch out for shares with the default permission quot;Everyone.quot; Consider logging success and failure access and modifications to files. Backups Document what data needs to be backed up, how often it should be backed up, and how long it should be retained. Document how often a test should be done to ensure that the backups are restorable. Consider encrypting backup tapes so that the data cannot be recovered if they are lost or stolen. Ensure that backups are taken offsite. Consider a service that will do this for you. Crisis management and Disaster recovery Develop a crisis management plan. This plan should cover not just an IT crisis but any crisis that may occur. This should include natural disasters and terrorist attacks. Page 3 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
Checklist: IT Security Policy Develop an IT disaster recovery plan. This plan must be periodically tested. We won’t go into how to create a disaster recovery plan, as that is outside of the scope of this document. However, this document can help. Physical Document what physical security controls are in place for IT security. Does the datacenter/server room have locks on the doors? Are they electronic locks with a log of who goes in and out? Does the room have windows that could be broken? How resilient would it be to a flood, tornado, or power outage? Are there UPS and generators in place? What sort of fire protection does the datacenter/server room have? Also, consider video surveillance. Keep in mind that this only covers IT assets and does not cover physical security for the entire company. Ensure against physical access to a console that can connect to servers, routers, and/or switches. PCs and laptops Document the controls on PCs and laptops. Users should not have administrator privilege on their local PCs, unless there is a stated business need for it (e.g. to run a business application). Users should always log onto the domain and not have a local account, if possible. Use file encryption so that if a PC or laptop is lost or stolen, its data cannot be read. Run antivirus and anti-spyware on all PCs and laptops Consider a personal firewall on laptops because they will travel from network to network. Implement Windows Group Policy security controls to lock down what users can do on PCs and laptops. For instance, preventing users from being able to install programs. Develop a procedure to ensure that PCs and laptops have the latest patches installed. Develop a policy on USB removable devices. These are a major security risk because they can easily be used to remove large amounts of data, including corporate secrets. Remote access Control who has access to dial-up and VPN remote access. Only set up permissions for those who truly need it. The list should be as short as possible. Document the company’s policy on remote access Page 4 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
Checklist: IT Security Policy Log the success and failure of logins for remote access Periodically have a 3rd party company perform a penetration test on any dial-up remote access methods. Implement a method to ensure that clients connecting through remote access have the proper antivirus and patches installed to prevent them from infecting the company’s systems. Document whether remote VPN users can have a split tunnel. Consider using access tokens as a secondary authentication method for remote access. This way, if a username and password are stolen, they still cannot be used to gain access to the network without the token. Servers, routers, and switches Run antivirus anti-spyware software on servers Ensure that servers, routers, and switches have the latest patches installed. Log the events from these devices to a central logging server. Run performance monitoring software so that you can be alerted if something abnormal happens on the servers or the network. Many times, this can be an indication of a security breach or another critical problem. Document who has administrator/root level access on these devices and how often the password is changed. Document what privilege and access method will be given to vendors who need access to support and/or change servers and network devices. Document the security around the software development and testing environment, as well as the server and network device testing environment. Harden servers and network devices based on guidelines that are available from sites like the NSA. Internet / external network Periodically (I suggest quarterly) have a 3rd party company perform a penetration test on your Internet connection (or connections). Protect the internal network and the DMZ from the external network with a stateful firewall. Log what the firewall denies from coming into the network. Document the firewall rules with explanations, and make firewall configurations consistent across different segments. Use an Intrusion Prevention System to stop malicious attacks that would have, otherwise, gotten through the firewall. Page 5 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
Checklist: IT Security Policy Ensure that you have the fewest number of Internet connections as possible (including dial-up connections). Every Internet connection is an avenue for a malicious attacker to get into your network. Consider implementing a Security Information Management (SIM) in your network as a central repository for security information that will do event correlation and alerting. Wireless Periodically have a 3rd party company perform a penetration test on your wireless networks. Ensure that you are using the strongest form of WEP encryption possible. Consider a wireless security product that will help to prevent wireless signals from leaving your building or office and will control rogue access points on your network. Consider using 802.1X authentication as a secondary authentication method for any wireless users (besides WEP key). Consider putting the wireless network in the DMZ and forcing users to connect to it via a VPN connection. Document the wireless security policy and educate users on it. Logging Implement a centralized logging server Document how information is logged, who can view the logs, and how long those logs are kept. Various sections above cover what specifically should be logged. PDA and cell phone Document proper and improper company use of cellular phones and PDA’s. Consider using a product that will “remote kill” a lost PDA or cell phone and render its data useless. Document what types of cellular phones will be supported and who will support them. Documentation and change management Document who will control the changes made to the security policy and who will keep the documentation up to date. Document the process that changes must go through before they can be implemented. Page 6 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
Checklist: IT Security Policy David Davis manages a group of systems/network administrators for a privately owned retail company. He also does networking/systems consulting on a part-time basis. His certifications include IBM Certified Professional-AIX Support, MCSE+Internet, Sun Certified Solaris Admin (SCSA), Certified Information Systems Security Professional (CISSP), Cisco CCNA, CCDA, and CCNP. He is also Cisco CCIE #9369. Additional resources • Sign up for our Security Solutions newsletter, delivered on Fridays • Sign up for our IT Management newsletter, delivered on Tuesdays, Thursdays, and Fridays • Check out all of TechRepublic's newsletter offerings. • Information Security Policy (TechRepublic download) • Sample PDA IT support policy (TechRepublic download) • Disaster recovery plan template (TechRepublic download) • Crisis communications policy (TechRepublic download) Version history Version: 1.0 Published: April 27, 2005 Tell us what you think TechRepublic downloads are designed to help you get your job done as painlessly and effectively as possible. Because we're continually looking for ways to improve the usefulness of these tools, we need your feedback. Please take a minute to drop us a line and tell us how well this download worked for you and offer your suggestions for improvement. Thanks! —The TechRepublic Downloads Team Page 7 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

Empfohlen

Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018jubke
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Security awareness
Security awarenessSecurity awareness
Security awarenessJosh Chandler
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Email_Security Gateway.pptx
Email_Security Gateway.pptxEmail_Security Gateway.pptx
Email_Security Gateway.pptxssuser651fd4
 

Empfohlen

Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018jubke
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Security awareness
Security awarenessSecurity awareness
Security awarenessJosh Chandler
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Email_Security Gateway.pptx
Email_Security Gateway.pptxEmail_Security Gateway.pptx
Email_Security Gateway.pptxssuser651fd4
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSMNarudom Roongsiriwong, CISSP
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security ProgramShauna_Cox
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdfdotco
 
Sicurezza Informatica
Sicurezza InformaticaSicurezza Informatica
Sicurezza InformaticaMario Varini
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Mobile security
Mobile securityMobile security
Mobile securityTapan Khilar
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1DallasHaselhorst
 
Mobile device privacy and security
Mobile device privacy and securityMobile device privacy and security
Mobile device privacy and securityImran Khan
 
Cyber Security Emerging Threats
Cyber Security Emerging ThreatsCyber Security Emerging Threats
Cyber Security Emerging Threatsisc2dfw
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Application Security Verification Standard Project
Application Security Verification Standard ProjectApplication Security Verification Standard Project
Application Security Verification Standard ProjectNarudom Roongsiriwong, CISSP
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Making App Security and Delivery Ridiculously Easy
Making App Security and Delivery Ridiculously EasyMaking App Security and Delivery Ridiculously Easy
Making App Security and Delivery Ridiculously EasyCristian Garcia G.
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & KeyloggersJithin James
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityrahulbhardwaj312501
 
Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Enterprise Management Associates
 
Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information SystemsAhmad Tariq Bhatti
 
Common Test Problems Checklist
Common Test Problems ChecklistCommon Test Problems Checklist
Common Test Problems ChecklistDonald Firesmith
 

Weitere ähnliche Inhalte

Was ist angesagt?

Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security ProgramShauna_Cox
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdfdotco
 
Sicurezza Informatica
Sicurezza InformaticaSicurezza Informatica
Sicurezza InformaticaMario Varini
 
Mobile security
Mobile securityMobile security
Mobile securityTapan Khilar
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1DallasHaselhorst
 
Mobile device privacy and security
Mobile device privacy and securityMobile device privacy and security
Mobile device privacy and securityImran Khan
 
Cyber Security Emerging Threats
Cyber Security Emerging ThreatsCyber Security Emerging Threats
Cyber Security Emerging Threatsisc2dfw
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Application Security Verification Standard Project
Application Security Verification Standard ProjectApplication Security Verification Standard Project
Application Security Verification Standard ProjectNarudom Roongsiriwong, CISSP
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Making App Security and Delivery Ridiculously Easy
Making App Security and Delivery Ridiculously EasyMaking App Security and Delivery Ridiculously Easy
Making App Security and Delivery Ridiculously EasyCristian Garcia G.
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & KeyloggersJithin James
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Enterprise Management Associates
 

Was ist angesagt? (20)

Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep Security
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdf
 
Sicurezza Informatica
Sicurezza InformaticaSicurezza Informatica
Sicurezza Informatica
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Mobile security
Mobile securityMobile security
Mobile security
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1
 
Mobile device privacy and security
Mobile device privacy and securityMobile device privacy and security
Mobile device privacy and security
 
Cyber Security Emerging Threats
Cyber Security Emerging ThreatsCyber Security Emerging Threats
Cyber Security Emerging Threats
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Application Security Verification Standard Project
Application Security Verification Standard ProjectApplication Security Verification Standard Project
Application Security Verification Standard Project
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Making App Security and Delivery Ridiculously Easy
Making App Security and Delivery Ridiculously EasyMaking App Security and Delivery Ridiculously Easy
Making App Security and Delivery Ridiculously Easy
 
Spywares & Keyloggers
Spywares & KeyloggersSpywares & Keyloggers
Spywares & Keyloggers
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)
 

Andere mochten auch

Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information SystemsAhmad Tariq Bhatti
 
Common Test Problems Checklist
Common Test Problems ChecklistCommon Test Problems Checklist
Common Test Problems ChecklistDonald Firesmith
 
Hipaa checklist - information security
Hipaa checklist - information securityHipaa checklist - information security
Hipaa checklist - information securityVijay Sekar
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserSecurity Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserAnton Chuvakin
 
Presentation: To an efficient tool for securing the card data on the Cloud: C...
Presentation: To an efficient tool for securing the card data on the Cloud: C...Presentation: To an efficient tool for securing the card data on the Cloud: C...
Presentation: To an efficient tool for securing the card data on the Cloud: C...Hassan EL ALLOUSSI
 
HR Audit with checklist
HR Audit with checklistHR Audit with checklist
HR Audit with checklistMarkos Mulat G
 
Developing a Security Policy That Will Survive
Developing a Security Policy That Will SurviveDeveloping a Security Policy That Will Survive
Developing a Security Policy That Will Survivedigitallibrary
 
Ceh v5 module 17 physical security
Ceh v5 module 17 physical securityCeh v5 module 17 physical security
Ceh v5 module 17 physical securityVi TĂ­nh HoĂ ng Nam
 
דוגמה לסקר סיכונים
דוגמה לסקר סיכוניםדוגמה לסקר סיכונים
דוגמה לסקר סיכוניםMoziBouton-Safety
 
SDLC
SDLCSDLC
SDLCjamzak
 
It infrastructure management
It infrastructure managementIt infrastructure management
It infrastructure managementShoaib Patel
 
Mergers & Acquisitions It Implications
Mergers & Acquisitions It ImplicationsMergers & Acquisitions It Implications
Mergers & Acquisitions It Implicationsllangin
 
101 01-f07 assessment checklist - rev 1 - soaf
101 01-f07 assessment checklist - rev 1 - soaf101 01-f07 assessment checklist - rev 1 - soaf
101 01-f07 assessment checklist - rev 1 - soafchelliah selvavishnu
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)
 
Preparing for Infrastructure Management (Part 1)
Preparing for Infrastructure Management (Part 1)Preparing for Infrastructure Management (Part 1)
Preparing for Infrastructure Management (Part 1)Shipra Swati
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentdata brackets
 
Secretarial audit checklist
Secretarial audit checklistSecretarial audit checklist
Secretarial audit checklistProglobalcorp India
 
It infrastructure manager performance appraisal
It infrastructure manager performance appraisalIt infrastructure manager performance appraisal
It infrastructure manager performance appraisalremus853
 

Andere mochten auch (20)

Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information Systems
 
Common Test Problems Checklist
Common Test Problems ChecklistCommon Test Problems Checklist
Common Test Problems Checklist
 
Hipaa checklist - information security
Hipaa checklist - information securityHipaa checklist - information security
Hipaa checklist - information security
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserSecurity Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
 
Presentation: To an efficient tool for securing the card data on the Cloud: C...
Presentation: To an efficient tool for securing the card data on the Cloud: C...Presentation: To an efficient tool for securing the card data on the Cloud: C...
Presentation: To an efficient tool for securing the card data on the Cloud: C...
 
HR Audit with checklist
HR Audit with checklistHR Audit with checklist
HR Audit with checklist
 
Developing a Security Policy That Will Survive
Developing a Security Policy That Will SurviveDeveloping a Security Policy That Will Survive
Developing a Security Policy That Will Survive
 
Ceh v5 module 17 physical security
Ceh v5 module 17 physical securityCeh v5 module 17 physical security
Ceh v5 module 17 physical security
 
דוגמה לסקר סיכונים
דוגמה לסקר סיכוניםדוגמה לסקר סיכונים
דוגמה לסקר סיכונים
 
SDLC
SDLCSDLC
SDLC
 
It infrastructure management
It infrastructure managementIt infrastructure management
It infrastructure management
 
develop security policy
develop security policydevelop security policy
develop security policy
 
Mergers & Acquisitions It Implications
Mergers & Acquisitions It ImplicationsMergers & Acquisitions It Implications
Mergers & Acquisitions It Implications
 
101 01-f07 assessment checklist - rev 1 - soaf
101 01-f07 assessment checklist - rev 1 - soaf101 01-f07 assessment checklist - rev 1 - soaf
101 01-f07 assessment checklist - rev 1 - soaf
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
Preparing for Infrastructure Management (Part 1)
Preparing for Infrastructure Management (Part 1)Preparing for Infrastructure Management (Part 1)
Preparing for Infrastructure Management (Part 1)
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample document
 
Secretarial audit checklist
Secretarial audit checklistSecretarial audit checklist
Secretarial audit checklist
 
It infrastructure manager performance appraisal
It infrastructure manager performance appraisalIt infrastructure manager performance appraisal
It infrastructure manager performance appraisal
 

Ă„hnlich wie Security Policy Checklist

Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-PracticesOctogence
 
The 10 Commandments of Computer Security
The 10 Commandments of Computer SecurityThe 10 Commandments of Computer Security
The 10 Commandments of Computer SecurityTechvera
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowNuuko, Inc.
 
Information Technology Question.pdf
Information Technology Question.pdfInformation Technology Question.pdf
Information Technology Question.pdfbkbk37
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
 
5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplaceSameerShaik43
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfNeilStark1
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
Security Plan for Small Networks/Offices
Security Plan for Small Networks/Offices Security Plan for Small Networks/Offices
Security Plan for Small Networks/Offices Ajay Jassi
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsFireEye, Inc.
 
NCSC_A5_Small_Business_Guide_v4_OCT20.pdf
NCSC_A5_Small_Business_Guide_v4_OCT20.pdfNCSC_A5_Small_Business_Guide_v4_OCT20.pdf
NCSC_A5_Small_Business_Guide_v4_OCT20.pdfPolicypros.co.uk
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 
SMB Network Security Checklist
SMB Network Security Checklist SMB Network Security Checklist
SMB Network Security ChecklistMobeen Khan
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaChris Bailey
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight BackMTG IT Professionals
 
How Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksHow Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksEmmanuel Oshogwe Akpeokhai
 
NCSC_SBG_Actions.pdf
NCSC_SBG_Actions.pdfNCSC_SBG_Actions.pdf
NCSC_SBG_Actions.pdfPolicypros.co.uk
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 

Ă„hnlich wie Security Policy Checklist (20)

Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
 
The 10 Commandments of Computer Security
The 10 Commandments of Computer SecurityThe 10 Commandments of Computer Security
The 10 Commandments of Computer Security
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
 
Information Technology Question.pdf
Information Technology Question.pdfInformation Technology Question.pdf
Information Technology Question.pdf
 
In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdf
 
5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
Security Plan for Small Networks/Offices
Security Plan for Small Networks/Offices Security Plan for Small Networks/Offices
Security Plan for Small Networks/Offices
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security Teams
 
NCSC_A5_Small_Business_Guide_v4_OCT20.pdf
NCSC_A5_Small_Business_Guide_v4_OCT20.pdfNCSC_A5_Small_Business_Guide_v4_OCT20.pdf
NCSC_A5_Small_Business_Guide_v4_OCT20.pdf
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resources
 
SMB Network Security Checklist
SMB Network Security Checklist SMB Network Security Checklist
SMB Network Security Checklist
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for Java
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
How Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksHow Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External Attacks
 
NCSC_SBG_Actions.pdf
NCSC_SBG_Actions.pdfNCSC_SBG_Actions.pdf
NCSC_SBG_Actions.pdf
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 

Mehr von backdoor

Java Database Connectivity
Java Database ConnectivityJava Database Connectivity
Java Database Connectivitybackdoor
 
Distributed Programming using RMI
Distributed Programming using RMI Distributed Programming using RMI
Distributed Programming using RMIbackdoor
 
Programming Server side with Sevlet
Programming Server side with Sevlet Programming Server side with Sevlet
Programming Server side with Sevlet backdoor
 
Distributed Programming using RMI
Distributed Programming using RMIDistributed Programming using RMI
Distributed Programming using RMIbackdoor
 
Client Side Programming with Applet
Client Side Programming with AppletClient Side Programming with Applet
Client Side Programming with Appletbackdoor
 
Java Network Programming
Java Network ProgrammingJava Network Programming
Java Network Programmingbackdoor
 
Windows Programming with Swing
Windows Programming with SwingWindows Programming with Swing
Windows Programming with Swingbackdoor
 
Windows Programming with AWT
Windows Programming with AWTWindows Programming with AWT
Windows Programming with AWTbackdoor
 
Multithreading
MultithreadingMultithreading
Multithreadingbackdoor
 
Object and Classes in Java
Object and Classes in JavaObject and Classes in Java
Object and Classes in Javabackdoor
 
IO and serialization
IO and serializationIO and serialization
IO and serializationbackdoor
 
Exception Handling
Exception HandlingException Handling
Exception Handlingbackdoor
 
Java Intro
Java IntroJava Intro
Java Introbackdoor
 
Object Oriented Programming with Java
Object Oriented Programming with JavaObject Oriented Programming with Java
Object Oriented Programming with Javabackdoor
 
AWT Program output
AWT Program outputAWT Program output
AWT Program outputbackdoor
 
Net Man
Net ManNet Man
Net Manbackdoor
 
Data Security
Data SecurityData Security
Data Securitybackdoor
 
Ne Course Part One
Ne Course Part OneNe Course Part One
Ne Course Part Onebackdoor
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
Net Sec
Net SecNet Sec
Net Secbackdoor
 

Mehr von backdoor (20)

Java Database Connectivity
Java Database ConnectivityJava Database Connectivity
Java Database Connectivity
 
Distributed Programming using RMI
Distributed Programming using RMI Distributed Programming using RMI
Distributed Programming using RMI
 
Programming Server side with Sevlet
Programming Server side with Sevlet Programming Server side with Sevlet
Programming Server side with Sevlet
 
Distributed Programming using RMI
Distributed Programming using RMIDistributed Programming using RMI
Distributed Programming using RMI
 
Client Side Programming with Applet
Client Side Programming with AppletClient Side Programming with Applet
Client Side Programming with Applet
 
Java Network Programming
Java Network ProgrammingJava Network Programming
Java Network Programming
 
Windows Programming with Swing
Windows Programming with SwingWindows Programming with Swing
Windows Programming with Swing
 
Windows Programming with AWT
Windows Programming with AWTWindows Programming with AWT
Windows Programming with AWT
 
Multithreading
MultithreadingMultithreading
Multithreading
 
Object and Classes in Java
Object and Classes in JavaObject and Classes in Java
Object and Classes in Java
 
IO and serialization
IO and serializationIO and serialization
IO and serialization
 
Exception Handling
Exception HandlingException Handling
Exception Handling
 
Java Intro
Java IntroJava Intro
Java Intro
 
Object Oriented Programming with Java
Object Oriented Programming with JavaObject Oriented Programming with Java
Object Oriented Programming with Java
 
AWT Program output
AWT Program outputAWT Program output
AWT Program output
 
Net Man
Net ManNet Man
Net Man
 
Data Security
Data SecurityData Security
Data Security
 
Ne Course Part One
Ne Course Part OneNe Course Part One
Ne Course Part One
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
Net Sec
Net SecNet Sec
Net Sec
 

KĂĽrzlich hochgeladen

05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptxFinTech Belgium
 
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceanilsa9823
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptxFinTech Belgium
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdfAdnet Communications
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Pooja Nehwal
 
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Delhi Call girls
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesMarketing847413
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptxFinTech Belgium
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130Suhani Kapoor
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...ssifa0344
 
The Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfThe Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfGale Pooley
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdfAdnet Communications
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptxFinTech Belgium
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxanshikagoel52
 

KĂĽrzlich hochgeladen (20)

05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
 
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
 
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast Slides
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
 
The Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfThe Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdf
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptx
 

Security Policy Checklist

  • 1. Checklist: IT Security Policy Version 1.0 April 27, 2005 By David M Davis, CCIE, MCSE Every organization, large or small, needs a solid IT Security Policy. The following comprehensive checklist can help you get started in creating a policy, or it can help audit the one you already have. This checklist, based on suggestions submitted by TechRepublic members, covers a wide variety of technologies and issues, and provides some helpful recommendations. Planning Item Notes Web browsing Document the central point of control for Web browsing. Perhaps it is a proxy server, a router, or a firewall. Document who has access to determine who can perform Web browsing, what Web sites users can access, and when they can access those sites. Some newer Web browsing content control systems can even categorize sites and control who can access certain categories of sites and for how long (i.e. Joe can only access news sites for 20 minutes per day). Document the method for reporting who is browsing the Web, what sites they are visiting, who those reports will be delivered to, and how often. Document what the process is if an employee visits improper sites or engages in excessive Web browsing, and define those two actions. Also, is it the job of IT to notify their supervisor? Log all Web browsing activity, making sure to record the username, and make it clear in the policy that this is a company practice. Ensure that all employees are aware of the company’s Web browsing policy. This is important since most employees will browse the Web everyday and the security policy about Web browsing is something that will most likely affect them. Implement Windows Group Policy settings (if using Active Directory) on Internet Explorer to strengthen end user systems and protect from some malicious Web content. For example, using GPO you can standardize Windows IE settings throughout the company to that browsers do not download unsigned ActiveX components. Make it a company policy not to download unsigned ActiveX controls unless they are approved by IT Put download security software in place to prevent adware, malware, and spyware from being unknowingly installed on users’ machines. Use this download security software to block/quarantine certain types of downloads (perhaps MP3s or videos) and to scan other downloads for viruses. Page 1 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
  • 2. Checklist: IT Security Policy Username and passwords Implement complex password requirements. This can be done with a Windows policy. Using a Group Policy (if possible), force passwords to be reasonable long, to expire every few months, to prevent the reuse of old passwords, and to lock out users with too many failed logins. Log successful and failed logins and logouts. This is especially important for administrator accounts. Consider renaming the default quot;Administratorquot; account so that it is less of a target for password cracking. Consider using Single-Sign-On (SSO) so that all users only have one username/password to remember for all applications. This is only important if you have multiple username/password databases for authentication (such as Windows, Linux/UNIX, and Novell) or if you have different applications with their own username/password database. Document your policy on usernames and passwords and educate users on the proper use of them. Periodically perform in-house password cracking attempts on administrator accounts to test the strength of passwords. This can be done with a tool such as L0ptcrack. Instant Messaging Seriously consider blocking all instant messaging (IM) unless it is needed for business reasons. If IM is needed for business reasons, implement a program to control who can use it, what software they can use, and log all conversations. Programs that do this can also control the content that is passed through the IM conversations and whether they can send/receive downloads through IM (which can open up the company to virus, malware, and privacy concerns). Document and educate users on your IM policies. E-Mail Document what level of storage will be required from each e- mail user. Determine what will be the consequences when an e-mail user exceeds their quota (such as preventing them from sending and/or receiving email). Control external access to internal groups (such as “all employees”). Consider performing e-mail content control to prevent trade secrets or confidential information from exiting the company. Page 2 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
  • 3. Checklist: IT Security Policy Implement a corporate e-mail anti-spam program. Educate users on the proper use of e-mail and how they should not give out their e-mail address to companies that might send them spam. Educate users on what to do if they do receive spam. Implement e-mail antivirus scanning Implement an email archiving program. Depending on the advice of your company’s legal team, the archive program may be used more to destroy email at set expiration dates instead of preserving email. The other function of the archiving program is to control the size of the email database. Develop a policy on using company e-mail for personal use (including the forwarding of jokes and chain letters) and decide what is quot;acceptable use.quot; Educate users on this policy. Educate users on “phishing” scams to help prevent identity theft. File access permissions Document who the owners are for critical files. These will be the persons who determine who has access to what. Determining who has access to what should not be an IT function. The function of IT is to configure that access within the operating system or application once it is determined. Watch out for shares with the default permission quot;Everyone.quot; Consider logging success and failure access and modifications to files. Backups Document what data needs to be backed up, how often it should be backed up, and how long it should be retained. Document how often a test should be done to ensure that the backups are restorable. Consider encrypting backup tapes so that the data cannot be recovered if they are lost or stolen. Ensure that backups are taken offsite. Consider a service that will do this for you. Crisis management and Disaster recovery Develop a crisis management plan. This plan should cover not just an IT crisis but any crisis that may occur. This should include natural disasters and terrorist attacks. Page 3 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
  • 4. Checklist: IT Security Policy Develop an IT disaster recovery plan. This plan must be periodically tested. We won’t go into how to create a disaster recovery plan, as that is outside of the scope of this document. However, this document can help. Physical Document what physical security controls are in place for IT security. Does the datacenter/server room have locks on the doors? Are they electronic locks with a log of who goes in and out? Does the room have windows that could be broken? How resilient would it be to a flood, tornado, or power outage? Are there UPS and generators in place? What sort of fire protection does the datacenter/server room have? Also, consider video surveillance. Keep in mind that this only covers IT assets and does not cover physical security for the entire company. Ensure against physical access to a console that can connect to servers, routers, and/or switches. PCs and laptops Document the controls on PCs and laptops. Users should not have administrator privilege on their local PCs, unless there is a stated business need for it (e.g. to run a business application). Users should always log onto the domain and not have a local account, if possible. Use file encryption so that if a PC or laptop is lost or stolen, its data cannot be read. Run antivirus and anti-spyware on all PCs and laptops Consider a personal firewall on laptops because they will travel from network to network. Implement Windows Group Policy security controls to lock down what users can do on PCs and laptops. For instance, preventing users from being able to install programs. Develop a procedure to ensure that PCs and laptops have the latest patches installed. Develop a policy on USB removable devices. These are a major security risk because they can easily be used to remove large amounts of data, including corporate secrets. Remote access Control who has access to dial-up and VPN remote access. Only set up permissions for those who truly need it. The list should be as short as possible. Document the company’s policy on remote access Page 4 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
  • 5. Checklist: IT Security Policy Log the success and failure of logins for remote access Periodically have a 3rd party company perform a penetration test on any dial-up remote access methods. Implement a method to ensure that clients connecting through remote access have the proper antivirus and patches installed to prevent them from infecting the company’s systems. Document whether remote VPN users can have a split tunnel. Consider using access tokens as a secondary authentication method for remote access. This way, if a username and password are stolen, they still cannot be used to gain access to the network without the token. Servers, routers, and switches Run antivirus anti-spyware software on servers Ensure that servers, routers, and switches have the latest patches installed. Log the events from these devices to a central logging server. Run performance monitoring software so that you can be alerted if something abnormal happens on the servers or the network. Many times, this can be an indication of a security breach or another critical problem. Document who has administrator/root level access on these devices and how often the password is changed. Document what privilege and access method will be given to vendors who need access to support and/or change servers and network devices. Document the security around the software development and testing environment, as well as the server and network device testing environment. Harden servers and network devices based on guidelines that are available from sites like the NSA. Internet / external network Periodically (I suggest quarterly) have a 3rd party company perform a penetration test on your Internet connection (or connections). Protect the internal network and the DMZ from the external network with a stateful firewall. Log what the firewall denies from coming into the network. Document the firewall rules with explanations, and make firewall configurations consistent across different segments. Use an Intrusion Prevention System to stop malicious attacks that would have, otherwise, gotten through the firewall. Page 5 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
  • 6. Checklist: IT Security Policy Ensure that you have the fewest number of Internet connections as possible (including dial-up connections). Every Internet connection is an avenue for a malicious attacker to get into your network. Consider implementing a Security Information Management (SIM) in your network as a central repository for security information that will do event correlation and alerting. Wireless Periodically have a 3rd party company perform a penetration test on your wireless networks. Ensure that you are using the strongest form of WEP encryption possible. Consider a wireless security product that will help to prevent wireless signals from leaving your building or office and will control rogue access points on your network. Consider using 802.1X authentication as a secondary authentication method for any wireless users (besides WEP key). Consider putting the wireless network in the DMZ and forcing users to connect to it via a VPN connection. Document the wireless security policy and educate users on it. Logging Implement a centralized logging server Document how information is logged, who can view the logs, and how long those logs are kept. Various sections above cover what specifically should be logged. PDA and cell phone Document proper and improper company use of cellular phones and PDA’s. Consider using a product that will “remote kill” a lost PDA or cell phone and render its data useless. Document what types of cellular phones will be supported and who will support them. Documentation and change management Document who will control the changes made to the security policy and who will keep the documentation up to date. Document the process that changes must go through before they can be implemented. Page 6 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
  • 7. Checklist: IT Security Policy David Davis manages a group of systems/network administrators for a privately owned retail company. He also does networking/systems consulting on a part-time basis. His certifications include IBM Certified Professional-AIX Support, MCSE+Internet, Sun Certified Solaris Admin (SCSA), Certified Information Systems Security Professional (CISSP), Cisco CCNA, CCDA, and CCNP. He is also Cisco CCIE #9369. Additional resources • Sign up for our Security Solutions newsletter, delivered on Fridays • Sign up for our IT Management newsletter, delivered on Tuesdays, Thursdays, and Fridays • Check out all of TechRepublic's newsletter offerings. • Information Security Policy (TechRepublic download) • Sample PDA IT support policy (TechRepublic download) • Disaster recovery plan template (TechRepublic download) • Crisis communications policy (TechRepublic download) Version history Version: 1.0 Published: April 27, 2005 Tell us what you think TechRepublic downloads are designed to help you get your job done as painlessly and effectively as possible. Because we're continually looking for ways to improve the usefulness of these tools, we need your feedback. Please take a minute to drop us a line and tell us how well this download worked for you and offer your suggestions for improvement. Thanks! —The TechRepublic Downloads Team Page 7 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html