Network security

When discussing security, reviewing a set of questions is a good place to start. Currently the cup may only be half full on some of these topics. Establishing the criteria and performance expectations is essential to implementing the level of IT security your organization wants.

  1. Is a documented information and data security policy in place? Does the policy address granting and removing access, authentication, ownership of data and enforcement?
  2. How do you verify that access to data and information, whether controlled through a firewall or another mechanism, is in accordance with the established policies?
  3. Is encryption required for highly confidential data?
  4. Are there requirements and policies for system availability?
  5. Are procedures in place for introducing new programs and code to production environments (e.g., test and quality assurance steps)?
  6. Is system security linked to the human resources function (e.g., when someone leaves the company, are the appropriate actions taken from a security perspective, such as revoking accounts and access)?
  7. Is there a physical security plan in place, to include:
    • control of physical access to equipment / assets
    • conditioned power
    • uninterrupted power supply (UPS)
    • backups / offsite archival storage
    • special policy for laptops
  8. Are there policies / guidelines for telecommuting?
  9. Is there a communication policy on security? Is there a separate one for employees and clients / customers?
  10. Is there a data backup / security policy that extends to each desktop and mobile device?

