Info Security - Questions that Should be Asked Frequently
- When last was our information security policy reviewed?
- Do we have an information security officer in each department?
- Are people punished for breaching our information security policy?
- Do we have a chief information security officer?
- Does our website present the list of our contractors and business suppliers?
- Can our security guards identify information assets? E.g. Do our security Guards know what a hard disk is or looks like?
- Are our E-mails digitally signed?
- Can we verify the authenticity of the caller e.g. A caller to a bank, please transfer from my account 200,000 to this account number ...... ?
- Do we have an information disclosure policy in place.
- Is our secretary aware of the information she should not give out?
- Do we have an information disposal policy in place? i.e. what type of information is thrown into the dustbin?
- Can our customers differentiate between our website and an illegal copy of our website?
- Who is responsible for the enforcement of policies in our organization?
- Can we beat our chest and say that our customers are not the weakest link in the information security plan of our organization e.g. can we confidently ask 10 customers the Url address of the company? Would they get it right?
- Have we recently disengaged any of our staff that assisted to develop an in-house application?
- Have we disabled all default passwords and usernames of vendor applications?
- Do we have an information classification policy in place?
- Have we disabled usernames and passwords of all disengaged staff or students that came for industrial training (it)?
- Do we immediately install operating system patch updates?
- Are we regularly aware of new released patches by software vendors?
Christopher Okoh
CEO
Computer Security & Network Associates
Website: http://www.compsana.com