Title Page

Site: -
Date and Time of Inspection: -
Prepared by: -
Location:
Management

- Company security policies in place
- Security policies written and enforced through training
- Computer software and hardware asset list
- Data classified by usage and sensitivity
- Established chain of data ownership
Employees

- Training on phishing, handling suspicious emails, and social engineering attacks
- Password training and enforcement
- Training on dealing with strangers in the workplace
- Training on carrying data on laptops and other devices and ensuring the security of this data
- All security awareness training passed and signed off, ensuring that all employees not only understand the importance of security but are active guardians of security
- Bring Your Own Device (BYOD) plans are in place
Business practices

- Emergency and cybersecurity response plans
- Record of all possible sources of business disruption and cybersecurity risk
- Plans in place to lessen business disruptions and security breaches
- Emergency disaster recovery plans in place
- Alternative locations for running the business in case of emergencies or disruptions
- Redundancy and restoration paths for all critical business operations
- Test restoration and redundancy plans
IT staff

- System hardening plans
- Automated system hardening on all operating systems on servers, routers, workstations, and gateways
- Software patch management automated
- Check security mailing lists
- Regular security audits and penetration testing
- Anti-virus software installed on all devices with auto-updates
- Systematic review of log files and backup logs to make sure there are no errors
- Remote plans in place, as well as policies regarding remote access
Physical security

- Lock servers and network equipment
- Secured and remote backup solution
- Keys for the network are in a secure location
- All computers are visible
- Use locks on computer cases
- Perform regular inspections
- Prevent unauthorized users from entering the server room or even the workstation areas
- Security camera monitoring system
- Keycard system required for secure areas
- Secure Data Policy in place, and users understand the policy through training
- Secure trash dumpsters and paper shredders to prevent dumpster diving
Secure data

- Encryption enabled wherever required
- Secure laptops, mobile devices, and storage devices
- Enable automatic wiping of lost or stolen devices
- Secure Sockets Layer (SSL) in place when using the Internet to ensure secure data transfers
- Secure email gateways ensuring data is emailed securely
Active monitoring and testing

- Regular monitoring of all aspects of security
- Regularly scheduled security testing
- External penetration testing to ensure your staff hasn't missed something
- Scanning for data types to make sure they are secure and properly stored
Completion

Observation: -
Full name and signature of IT Supervisor: -