Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Information Security Policy Checklist

Information Security Policy Checklist



|Views: 1,362|Likes:
Published by Read Rule
Information Security Policy Checklist, used for guidance to develop IS Security
Information Security Policy Checklist, used for guidance to develop IS Security

More info:

Categories:Types, Business/Law
Published by: Read Rule on Feb 26, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as XLS, PDF, TXT or read online from Scribd
See more
See less





Information Security Policy Checklist
Company: ABCDate: XX January 2010QuestionYesNoStatus
1. Is there an executive directive/statement to ensure there is aninformation security architecture that includes risk, governance,ethics, compliance, privacy, and protection of enterprise assets?Are enterprise roles, responsibilities, and accountabilitiesdefined? Are the executive team and the board of directors onthe same page?2. Are there data/information requirements stating that it must beavailable, accessed by need to know or have, and in the mostaccurate format?3. Are staff required to acknowledge policies on new hire andtermination, and at regular intervals? Are the staff types of enterprise network access defined? Is an enterprise assetdefined?4. What types of services and applications are permitted on theenterprise network, who is permitted to perform the installs andremovals, and who is permitted to perform the monitoring? Howare connections (hardwired, wireless, remote) defined to theenterprise network?5. How are access roles, accountabilities, and responsibilitiesdefined for network, applications, and devices? How aremonitoring, logging, and reporting defined for goals andobjectives?6. Who is permitted onsite and permitted to plug what type of device into the enterprise network? What is the standardauthorization and authentication mechanism for the enterprise?7. How are staff going to request access to a network,application, device, or service, who will grant access, and who willbe required to monitor logs and access? How do staff access thebuilding, business areas, and communication rooms? Iselectrostatic training required for anyone who enters a datacenter? Is the building segmented by badge control?8. How are incidents/exceptions reported, to whom are theyreported, how are incidents/exceptions reviewed? (These are notnecessarily security breaches.)9. How are the enterprise network devices configured? How arethey monitored and put back into compliance? What is theexception process to the standard? Are all ingresses andegresses documented within the enterprise?10. If something happens in the enterprise environment, how is itreported and how are systems and information recovered?11. Is there an asset and information classification matrix and arethe risks defined for the asset classification? Is there a statementabout the protection of the enterprise assets?12. Within the information security team and operational duties isthere a document listing the segregation of duties andresponsibilities, so no one person has the responsibility of complete end-to-end transaction processing?

Activity (20)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
sankarelite liked this
pturton liked this
skhanna1010 liked this
rprabakar_77 liked this
ravishete2001 liked this
nutzkrum liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->