Security Management Checklist

This is a template that provides a checklist to ensure the security of sensitive business information. Information security is a vital process for any business to ensure confidential information will not be compromised. This checklist includes the following sections: security policy, organization security, asset classification and control, physical and environmental security, communication and operations management, and access control. This template can be used by small businesses or other entities that want information about how to ensure the security of sensitive information.
Columns: Checklist Section, Audit Question, Findings, Compliance

Security Policy

1.1 Information Security Policy

1.1.1 Information Security Policy Document
    Audit question: Is there an information security policy, approved by management, that is published and communicated as appropriate to all employees?
    Audit question: Does the policy state management's commitment and outline the organizational approach to managing information security?
    Findings:
    Compliance:

1.1.2 Review and Evaluation
    Audit question: Does the security policy have an owner? Who is responsible for its maintenance and review according to a defined review process?
    Audit question: Does the process ensure that a review takes place in response to any changes affecting the basis of the original assessment, for example significant security incidents, new vulnerabilities, or changes to the organizational or technical infrastructure?
    Findings:
    Compliance:

Organization Security

2.1 Information Security Infrastructure

2.1.1 Management Information Security Forum
    Audit question: Is there a management forum to ensure there is clear direction and visible management support for security initiatives within the organization?
    Findings:
    Compliance:

2.1.2 Information Security Coordination
    Audit question: Is there a cross-functional forum of management representatives from relevant parts of the organization to coordinate the implementation of information security controls?
    Findings:
    Compliance:

2.1.3 Allocation of Information Security Responsibilities
    Audit question: Are responsibilities for the protection of individual assets and for carrying out specific security processes clearly defined?
    Findings:
    Compliance:

2.1.4 Authorization Process for Information Processing Facilities
    Audit question: Is there a management authorization process in place for any new information processing facility? This should include all new facilities, such as hardware and software.
    Findings:
    Compliance:

2.1.5 Specialist Information Security Advice
    Audit question: Has specialist information security advice been gathered where appropriate? A specific individual may be identified to coordinate in-house knowledge and experience, to ensure consistency, and to provide help with security decision making.
    Findings:
    Compliance:

2.1.6 Cooperation Among Organizations
    Audit question: Have appropriate contacts with law enforcement authorities, regulatory bodies, information service providers, and telecommunication operators been maintained, to ensure that appropriate action can be taken quickly and advice obtained in the event of a security incident?
    Findings:
    Compliance:

2.1.7 Independent

© Copyright 2011 Docstoc Inc.
				
DOCUMENT INFO
Shared By:
Tags:
Stats:
Document info: posted 1/4/2012; language English; 19 pages; 667 views.