April 27, 2005
Every organization, large or small, needs a solid IT Security Policy. The following comprehensive checklist can
help you get started in creating a policy, or it can help audit the one you already have. This checklist, based on
suggestions submitted by TechRepublic members, covers a wide variety of technologies and issues, and provides
some helpful recommendations.
Web browsing
Document the central point of control for Web browsing.
Perhaps it is a proxy server, a router, or a firewall.
Copyright ©2005 CNET Networks, Inc. All rights reserved.
For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html
Checklist: IT Security Policy
Instant Messaging
Seriously consider blocking all instant messaging (IM) unless
it is needed for business reasons.
E-Mail
Document what level of storage will be required from each
e-mail user. Determine what will be the consequences when an
e-mail user exceeds their quota (such as preventing them
from sending and/or receiving e-mail).
Backups
Physical
Document what physical security controls are in place for IT
security. Does the datacenter/server room have locks on the
doors? Are they electronic locks with a log of who goes in and
out? Does the room have windows that could be broken? How
resilient would it be to a flood, tornado, or power outage? Are
there UPS and generators in place? What sort of fire
protection does the datacenter/server room have? Also,
consider video surveillance. Keep in mind that this only covers
IT assets and does not cover physical security for the entire
company.
Remote access
Control who has access to dial-up and VPN remote access.
Only set up permissions for those who truly need it. The list
should be as short as possible.
Protect the internal network and the DMZ from the external
network with a stateful firewall. Log what the firewall denies
from coming into the network.
Wireless
Periodically have a third-party company perform a penetration
test on your wireless networks.
Logging
Implement a centralized logging server.
David Davis manages a group of systems/network administrators for a privately owned retail
company. He also does networking/systems consulting on a part-time basis. His certifications
include IBM Certified Professional-AIX Support, MCSE+Internet, Sun Certified Solaris Admin
(SCSA), Certified Information Systems Security Professional (CISSP), Cisco CCNA, CCDA, and
CCNP. He is also Cisco CCIE #9369.
Version history
Version: 1.0
Published: April 27, 2005