Management Levels Security Response Checklist

Download Free Management Levels Security Response Checklist

- Are executive-level security summaries produced regularly?
- Does a clear communication path exist from the top level of management to the line-level workers? And—more importantly—does everyone know what or where that communication path is?
- Does responsibility for security rest with a Vice President, Director of Security, or other member of management? The higher up in management the responsible party is, the better! Make sure that the manager responsible for security isn't buried deep within the organization, and has the authority to act. Otherwise, he or she will be just a scapegoat.
- Has management demonstrated that it is committed to the company's security program by appropriately presenting and enforcing it?
- Has adequate funding for security been allocated and made available?
- Do all system administrators understand the importance of reporting and resolving security issues quickly?
- Is security awareness training provided as part of the standard orientation for new employees at all levels— line-level and upper management?
- Have steps been taken to ensure that all employees (from the top down) are aware of the company's information-protection policies?
- Were the realities of the company's culture (in terms of management/worker relationships) considered when the security policies and procedures were developed?
- Do employees know whom to call for help when a security breach occurs or when they don't understand their roles?
- Are security audits conducted on a regular basis?