back to Security PageNative Technology, Inc.
SECURITY CHECK LIST
Our security consulting
engagements are performed with the assistance of certified public accountants with
significant information security background and acknowledged business expertise.
Your security interests are our security interests.
All client communications are confidential.
|
DO YOU HAVE THESE ADMINISTRATIVE PROCEDURES IN PLACE? |
WHY IS THIS IMPORTANT? |
| Information Access Control | Insure that operating, and in some cases, maintenance personnel have proper level access to resources. |
| Formal Mechanism for Processing Records | This is important to limit the inadvertent loss or disclosure of secure information because of process issues. |
| Internal IT Audit System | (for example, logins, file accesses, security incidents) This is important to enable the organization to identify potential security violations. |
| Personnel Security | Supervision of personnel performing technical systems maintenance activities by authorized, knowledgeable IT persons. |
| Security Configuration Management | This integration process is important to ensure that routine changes to system hardware and/or software do not contribute to or create security weaknesses |
| Security Incident Procedures | To have a formal, documented instructions for reporting security breaches, so that security violations are reported and handled promptly. |
| Security Management Process | Administration and overseeing security policies to ensure the prevention, detection, containment, and timely correction of security breaches. |
| Personnel Termination Procedures | These procedures are important to prevent the possibility of unauthorized access to secure data by those who are no longer authorized to access the data. |
| Security Awareness Training | Employees need to understand their security responsibilities and make security a part of their day-to-day activities |
| PHYSICAL SAFEGUARDS | WHY IS THIS IMPORTANT? |
| Assigned Security Responsibility | To assign responsibilities would include the management and supervision of (1) the use of security measures to protect data, and (2) the conduct of personnel in relation to the protection of data. To enable to pin point security breaches |
| Physical Media Controls | Policies and procedures that govern the receipt and removal of hardware/software (for example, disks, tapes, laptops, USB Drives, etc) into and out of your business. |
| Physical Access Controls | To prevent unauthorized physical access to information, hardware, software, etc. to ensure that only authorized personnel have access. |
| Policy Guidelines on lap tops, workstations or Remote Access | Manner in which those functions are to be performed (for example, logging off before leaving a terminal unattended). Policies for telecommuting employees - remote access authentication, Lap Top loss or theft planning and recover systems. |
| Secure Workstation Location | Minimize the possibility of unauthorized access to information. This would be important especially in public buildings, provider locations, and in areas where there is heavy pedestrian traffic. |
| GUARD AGAINST UNAUTHORIZED ACCESS TO DATA THAT IS TRANSMITTED OVER A COMMUNICATIONS NETWORK | WHY IS THIS IMPORTANT? |
| Access Control | Types of access control include, among others, mandatory access control, discretionary access control, time-of-day, classification, and subject-object separation. |
| Audit Controls | To be able to identify suspect data access activities, assess its security program, and respond to potential weaknesses |
| Authorization Control | Ensure that information is used only by properly authorized individuals |
| Data Authentication | Proper data authentication to be able to provide corroboration that data in its possession has not been altered or destroyed in an unauthorized manner. |
| Entity Authentication | Authentication would be important to prevent the improper identification of an entity who is accessing secure data. i.e. password systems, digital signatures, etc. |
WEB DEVELOPMENT CUSTOM COMPUTERS WEB HOSTING NETWORKING NETWORK CABLING E COMMERCE WEB INTEGRATION SECURITY
Copyright 2000-2006 Native Technology, Inc. Dallas / Fort Worth Texas. All Rights Reserved