Title Page
-
We kindly ask for your consent to participate in our "Security Planning Guide" survey. We assure you that your information will be kept confidential, and you won't need to share any personal details. Your valuable input will help us enhance our security planning resources. Please respond with "YES" to confirm your agreement or contact us with any questions. Thank you for your participation!
Personal Information
-
Name:
-
Organization:
-
Contact Number:
-
Email:
Role in the Organization
-
What is your Role?
-
Please specify:
-
What security level do you want to assess?
Security Guards
-
Are there security guards present at the LGU premises to monitor and control access?
-
Do security guards conduct regular patrols?<br>
-
Do they monitor CCTV cameras to ensure the premises are secure?
-
Are there frequent instances of criminal activity in your area?
CCTVs
-
Do I have CCTVs in place?
-
If I have CCTVs in place, are they installed in the proper and appropriate places?
-
If I have CCTVs in place, do the CCTVS cover all the areas around the municipal building?
-
Are there any valuable assets, sensitive information, or critical infrastructure in the area that need protection?
-
Do you have specific areas in your premises that require ongoing surveillance?
-
Have there been past incidents or security breaches that could have been better addressed if security cameras were in place?
Fence and Grills
-
Do I have Fences in place?
-
If I have fences in place, do the security fences have anti-climbing features?
-
Is the area prone to unauthorized entry?
-
Have there been past incidents or security breaches that could have been better addressed if security cameras were in place?
Lighting
-
Do I have outdoor lighting in place?
-
If there is outdoor lighting in place, is there sufficient lighting in all public areas of the municipal building during nighttime?
-
If there is outdoor lighting in place, are all entrances and exits of the municipal building well-lit for security purposes?
-
Is the municipality satisfied with the overall lighting conditions around the building for security purposes?
Visitor Management
-
Is there a visitor management system in place to track and monitor visitor access to municipality premises?
-
Are visitors required to sign in and provide identification upon entry?
-
If yes, is it enforced consistently?
-
Is there a designated area or reception for visitors to check in and receive information?
-
Are there restrictions on visitor access to sensitive or restricted areas within the municipal building?
-
Is the municipality satisfied with the overall effectiveness of its visitor management system?
Network Connection
-
Does the municipality provide Wi-Fi for its employees within the municipal building?
-
If the municipality provides Wi-Fi, is the Wi-Fi connection in the municipal building secured with a password?
-
If the municipality provides Wi-Fi, is there a separate guest network for public use?
-
If the municipality provides Wi-Fi, are there limitations on the number of devices that can connect to the Wi-Fi network?
-
If the municipality provides Wi-Fi, is the Wi-Fi network regularly monitored for unauthorized access?
-
If the municipality provides Wi-Fi, are employees provided with guidelines for connecting their devices to the Wi-Fi network securely?
-
If the municipality provides Wi-Fi, is the Wi-Fi network coverage sufficient for the municipality's needs?
-
If the municipality provides Wi-Fi, is the municipality satisfied with the overall security and performance of the Wi-Fi network?
Third-party Firewall
-
Do I have a firewall in place to protect its network?
-
If yes, is the firewall regularly updated with the latest security patches?
-
Has the municipality experienced any security incidents or breaches related to their firewall?
-
Is the municipality satisfied with the level of protection provided by their firewall?
Virtual Private Networks (VPNs)
-
Is remote work or the work from home setup an option for the office?
-
If yes, are the employees in this setup using VPN?
-
Are employees provided with guidelines or instructions on how to connect to the municipality's VPN?
-
Are there restrictions on the types of activities or resources that can be accessed through the VPN?
-
Is the municipality satisfied with the overall security and effectiveness of its VPN implementation?
-
Does the LGU develop custom-made applications tailored to its specific needs?
-
Is there a process for regularly assessing and testing the security of applications to identify vulnerabilities or weaknesses?
-
Does the LGU have a website or web-based applications that interact with users or provide online services?
-
If yes, are there concerns about the security of user data collected or processed through the LGU's website or web applications?
-
Have there been reported incidents of website defacement, unauthorized access, or data breaches related to the LGU's online presence?
-
Are there concerns about the availability and performance of the LGU's website or web applications?
-
Do you utilize government-provided applications such as GIS (Geographic Information System), eBPLS (Electronic Business Permit and Licensing System), and eBIR (Electronic Bureau of Internal Revenue)?
-
Do you utilize productivity applications like Microsoft Office, Microsoft Teams, and Zoom?
-
If yes, are applications regularly patched and updated?
Patch Management
-
Do you have computer systems or networks and applications in your municipal hall?
-
Do you desire to ensure the stability and performance of your computer systems?
Anti-Virus
-
Do I have antivirus installed on my device?
-
Has the municipality experienced any security incidents or breaches related to malware?
Business Email
-
Does the municipality have a dedicated business email system for official communication?
-
If the municipality utilizes business emails, are there password requirements in place for accessing the municipality's business email accounts?
-
If the municipality utilizes business emails, are there measures in place to prevent unauthorized access to the municipality's business email accounts?
-
If the municipality utilizes business emails, is there a policy in place regarding the acceptable use of the municipality's business email system?
-
Does the municipality have backup and recovery mechanisms in case of email system failures or data loss?
-
Has the municipality experienced any security incidents or breaches related to their business email system?
-
If the municipality utilizes business emails, does the municipality regularly review and update their security measures for the business email system?
Security Awareness & Training
-
Are employees aware of the potential security risks and threats that may impact the LGU's operations and sensitive information?
-
Are there instances where employees have unintentionally compromised the security of the LGU's systems or data?
-
Have there been reported incidents of unauthorized access, data breaches, or security breaches caused by employee actions or negligence?
-
Is security education and training provided to employees of the municipality?
-
If yes, are there specific security policies and procedures communicated to all employees?
-
Are employees educated on how to identify and report potential security risks or incidents?
-
Are there guidelines in place for secure handling and protection of sensitive information?
-
Is the municipality satisfied with the level of security awareness and training among its employees?
Password Creation & Management
-
Is there a policy in place for employees to change their passwords regularly?
-
Are employees encouraged to use unique passwords for each of their accounts?
-
Do employees create and understand the importance of strong and secure passwords?
-
Are employees prohibited from sharing their passwords with others?
-
Is there a process for securely storing and managing passwords within the municipality?
-
Are employees notified in case of suspected security breaches that may require password changes?
-
Is there a password recovery process in place for employees who forget their passwords?
-
Are employees trained on recognizing and avoiding common password vulnerabilities?
-
Is the municipality satisfied with the overall adherence to password creation and management practices by its employees?
Cloud Data Storage
-
Do I use cloud storage to store my data?
-
Is the municipality's data backed up regularly in the cloud storage?
-
If yes, does the municipality have control over who can access and manage the data stored in the cloud?
-
Has the municipality experienced any security incidents or breaches related to their cloud data storage?
Data Backup & Disaster Recovery
-
Do I have a data backup system/process in place?
-
If there is a backup process in place, is the data backup performed regularly?
-
If there is a backup process in place, has the municipality experienced any data loss incidents where the backup was utilized?
-
If there is a backup process in place, is the municipality satisfied with the level of protection provided by their data backup system?
General Questions
-
Do I have a personnel who has the capacity and knowledge in implementing security measures?
-
If none, do I need personnel for monitoring, handling, and supervising the implementation of the security measures?
-
Do I have tools, equipment, and devices for the implementation of the security controls?
-
If none, do I need to have these tools and devices like laptops, maintenance tools, etc?
-
Do I have a room for IT-related personnel and security controls?
-
If none, do I need a designated room for the personnel and the devices used for security controls?
-
I am willing to have security measures and controls implemented in the community/organization?