SECURITY CHECK LIST

Your security interests are our security interests. All client communications are confidential.

Do you have these in place, and why is each one important?

| ADMINISTRATIVE PROCEDURES | IMPORTANCE |
| --- | --- |
| Information Access Control | Ensure that operating personnel, and in some cases maintenance personnel, have the proper level of access. |
| Formal Mechanism for Processing Records | This is important to limit the inadvertent loss or disclosure of secure information because of process issues. |
| Internal Audit | This is important to enable the organization to identify potential security violations. (for example, logins, file accesses, security incidents) |
| Personnel Security | Supervision of personnel performing technical systems maintenance activities by authorized, knowledgeable persons. |
| Security Configuration Management | This integration process is important to ensure that routine changes to system hardware and/or software do not contribute to or create security weaknesses. |
| Security Incident Procedures | Formal, documented instructions for reporting security breaches, so that security violations are reported and handled promptly. |
| Security Management Process | Administering and overseeing security policies to ensure the prevention, detection, containment, and correction of security breaches. |
| Termination Procedures | These procedures are important to prevent the possibility of unauthorized access to secure data by those who are no longer authorized to access the data. |
| Employee Training | Employees need to understand their security responsibilities within the organization and make security a part of their day-to-day activities. |

| PHYSICAL SAFEGUARDS | IMPORTANCE |
| --- | --- |
| Assigned Security Responsibility | Assign responsibilities to include the management and supervision of (1) the use of security measures to protect data, and (2) the conduct of personnel in relation to the protection of data, in order to be able to pinpoint security breaches. |
| Media Controls | Organizational policies and procedures that govern the receipt and removal of hardware/software (for example, disks, tapes, USB drives, etc.) into and out of your business. |
| Physical Access Controls | In order to prevent the unauthorized physical access to information, hardware, software, network, etc. while ensuring that authorized personnel have proper access. |
| Policy/Guideline on Workstation Use | Guidelines on the manner in which workstation functions are to be performed (for example, logging off before leaving a terminal unattended, non-business Internet use, etc.). |
| Secure Workstation Location | Minimize the possibility of unauthorized access to information. This would be important especially in public buildings, provider locations, and in areas where there is heavy pedestrian traffic. |

| UNAUTHORIZED ACCESS TO DATA | IMPORTANCE |
| --- | --- |
| Access Control | Types of access control include, among others, mandatory access control, discretionary access control, time-of-day, classification, and subject-object separation. |
| Audit Controls | To be able to identify suspect data access activities, assess the security program, and respond to potential control weaknesses. |
| Authorization Control | Ensure information is used only by properly authorized individuals. |
| Data Authentication | To be able to provide corroboration that data in the organization's possession has not been altered or destroyed in an unauthorized manner. |
| Entity Authentication | Authentication is important to prevent the improper identification of an entity that is accessing secure data (for example, a password system or digital signatures). |