In this chapter, we will discuss an advanced checklist that we will use to educate users and IT staff, so that dealing with security issues comes naturally to them.
Based on all the chapters, and especially on the security policies, the following table contains a checklist that touches most of the components discussed in this tutorial.

Checklist | Status of task |
---|---|
Server Room | |
Server rack installed properly | |
Air conditioning present | |
Temperature monitoring and alarm system is in place | |
Automatic smoke/fire detection is available | |
Water entry prevention detector is available | |
Fire extinguisher is in place | |
Local LAN wiring is done properly | |
Business Critical Services | |
Redundant power supplies are available | |
RAID systems are available | |
UPS systems are in place | |
Emergency systems are in place | |
Documentation is up to date | |
Professional support is provided | |
SLAs are signed | |
Emergency plan is prepared | |
Business Internet Account | |
Redundant lines | |
Insurance for ICT equipment is available | |
Information Systems | |
Server is installed according to the Setup Policies Manuals | |
Standard GPOs are configured on the Server | |
System security is done | |
System documentation is up-to-date | |
Data backup is configured properly and done regularly according to backup policies | |
All computers and network devices are named in line with the IT Policy | |
Standard Whitelist Software to be aligned on all PCs | |
All PCs in domain system | |
Administrator privileges are taken from computer users | |
Program privileges are on minimum needed level | |
Information Security | |
Identity and access management is configured | |
Data access possibilities are minimized to needed level | |
Virus protection software is installed on each PC | |
Human Factor | |
ICT System and email Usage Policy is rolled out (should be checked as per the disciplinary safeguards) | |
Staff awareness training is provided regularly | |
Responsibilities are documented | |
Maintenance of Information Systems | |
Security updates are installed on all PCs | |
ICT internal alert and notification system is configured | |
Security update action plan is done | |
Security update roll out plan is in place | |
General | |
Network IP address schemas are in line | |
Network Security | |
Firewall access rules and open ports are compliant with the firewall policy | |
Protection of sensitive information is in place | |
Restriction of communication services is enabled | |
VPN is configured properly with the partners | |
WLAN security is enabled on all Wi-Fi devices | |
Limited internet access is configured | |
BYOD regulations are implemented | |
Network Management | |
Bandwidth Management System is configured | |
Network Monitoring System is available | |
DRP files are up to date | |

Please keep in mind that this list can be modified according to your company's needs and staff.