Purpose

The purpose of this checklist is to assist university IT staff in systematically identifying and considering computer security issues. This checklist addresses departmental desktop and notebook computers, computer labs, servers, policies, operating procedures, and practices related to the use of computer equipment and services.

Review each item and check the appropriate box on the checklist. Items checked as "Needs Immediate Attention" represent the primary security vulnerabilities and should receive prompt attention. A majority of "Need to Review" or "Needs Immediate Attention" checks suggests the department would benefit from a security assessment and analysis.

| Item | Yes | Need to Review | Needs Immediate Attention |
|---|---|---|---|
| 1. Physical Security: Are your systems physically secured? (ADICS, Section 10) | | | |
| 2. Passwords: Are you requiring and enforcing appropriate passwords? (ITR, Section III, C) | | | |
| 3. Virus Protection: Are you using, and regularly updating, anti-virus software? (NSP, Computer Viruses) | | | |
| 4. Data Backup and Restoration: Are you periodically backing up individual and departmental data? (ADICS, Appendix G) | | | |
| 5. Operating Systems: Are the operating systems you use updated with current security patches? (NSP, System Security) | | | |
| 6. Servers: Are your servers registered? (ITR Section II, line M) | | | |
| 7. Application Software: Are your common applications configured for security? (NSP, System Security) | | | |
| 8. Confidentiality of Sensitive Data: Are you exercising your responsibility to protect sensitive data under your control? (ITR, ADICS, NSP) | | | |
| 9. Disaster Recovery: Do you have a current disaster recovery plan? (ITR Section II, D; ADICS, Appendix G) | | | |
| 10. Security Awareness and Education: Are you providing information about computer security to your staff? (ADICS, NSP) | | | |