Information Security Baseline Checklist

- What specific information/data will be collected and why?
- What are the business drivers/requirements for the collected information/data?
- When and how will that information/data be collected?
- Who will be responsible for the collection and disbursement of the information/data collected?
Information Security Awareness Implementation Checklist

Best to get them when they are fresh
Most companies have an induction process whereby they give new employees pension details and show them where the toilet is. Try and get information security included in the induction process. My last few organizations offered:
A short (one hour) “first day” induction session by HR
Get a five-slide show together on passwords, viruses, and the like and then coach the HR people on how to deliver it.
A company induction day, conducted with a group of new employees a couple of months after hire
Incident Response Team Roles and Responsibilities Checklist

Scope
Responsible for the daily operation of the computer incident response team. Develops organizational policies related to incident response and secures authorization for their implementation. Provides general direction to and review of subordinate team leaders. Recognized as the organization's expert on computer incident response, security threats, and vulnerabilities. Liaises with law enforcement and other incident response teams as needed.
Job Complexity
Works on computer security problems attributed to both internal and external threats. Tracks incident response trends to identify and evaluate fundamental security problems and needed improvements within the organization. Addresses managerial, financial, marketing, and security issues related to the protection of corporate information assets. Must be able to act quickly and decisively in a crisis situation.
Discretion
Can commit company resources needed in the course of incident response. Must be able to escalate concerns/issues when needed.
Incident Response Team Basic Service Checklist

User Enrollment
The process of creating, modifying, and removing user accounts and privileges on the computer systems. It also includes the definition of the authorizations, group memberships, and access profiles for users.
Vulnerability Assessment
The process of searching for ways in which a system could be accessed without authorization or could have authorized access denied. Many commercial and free vulnerability assessment tools can help streamline this process, although these tools do require a certain amount of experience to use effectively. There are many opinions regarding the frequency with which these assessments should be conducted, but nearly all security professionals agree that they're not done often enough.
Penetration Testing
The process of attempting to gain unauthorized access to a computer system or facility. This focused attempt to break into a system or facility is usually conducted from the perspective of a "hostile" entity and attempts to measure how much effort must be expended to gain access. The network operations group or other entity that monitors the computer resources will typically not know ahead of time that the testing will be conducted. Therefore, the capability to detect and respond to an attack can be measured while searching for potential vulnerabilities.
Comparison of Intrusion Detection System