Physical Security Policy Audit Checklist

1. Is the exterior of the building reviewed on a regular basis for protection deficiencies, such as cracked windows or unlocked doors?
2. Is there a process to identify vendors, contractors, and visitors before they enter the business area?
3. Is the lighting adequate to illuminate critical interior and exterior areas?
4. Are the entranceways restrictive enough to block intruders, yet efficient enough for staff?
Outsourcing and Audit Procedures Checklist

- Are customer connections (extranets) audited on a regular basis?
- Does a formal architecture exist for connecting customers (extranet) to your network?
- Does a formal policy exist to spell out when, why, and how extranet connections will be permitted?
- Is management approval required before bringing an extranet connection online?
- Is a formal security audit required before bringing an extranet connection online?
Management Levels Security Response Checklist

- Are executive-level security summaries produced regularly?
- Does a clear communication path exist from the top level of management to the line-level workers? And—more importantly—does everyone know what or where that communication path is?
- Does responsibility for security rest with a Vice President, Director of Security, or other member of management? The higher up in management the responsible party is, the better! Make sure that the manager responsible for security isn't buried deep within the organization, and has the authority to act. Otherwise, he or she will be just a scapegoat.
- Has management demonstrated that it is committed to the company's security program by appropriately presenting and enforcing it?
- Has adequate funding for security been allocated and made available?
ISO 27001 Information Security Strategic Priorities Checklist

1. Assessing and protecting key information assets and critical infrastructure, including interdependent physical and cyber information systems.
2. Limiting the risk to enterprise assets through the use of administrative, technology, and physical means.
3. Ensuring privacy of information related to employees, partners, and customers.
4. Ensuring the enterprise is compliant with all required regulations and other regulations that may affect clients and partners.
Information Security Policy Assessment Checklist

1. Is there an executive directive/statement to ensure there is an information security architecture that includes risk, governance, ethics, compliance, privacy, and protection of enterprise assets? Are enterprise roles, responsibilities, and accountabilities defined? Are the executive team and the board of directors on the same page?
2. Are there data/information requirements stating that information must be available, accessed on a need-to-know or need-to-have basis, and kept in the most accurate format?
3. Are staff required to acknowledge policies on new hire and termination, and at regular intervals? Are the staff types of enterprise network access defined? Is an enterprise asset defined?
4. What types of services and applications are permitted on the enterprise network, who is permitted to perform the installs and removals, and who is permitted to perform the monitoring? How are connections (hardwired, wireless, remote) defined to the enterprise network?