inSync Computer Solutions:
Family-owned. Family-run. Since 1994.
A partial list of questions asked during a security audit
Are passwords difficult to crack? Is there a password policy in place? What is the password policy?
Are there access control lists (ACLs) in place on network devices to control who has access to shared data? Are there audit logs to record who accesses data? Are the audit logs reviewed?
Are the security settings for operating systems in accordance with accepted industry security practices?
Have all unnecessary applications and computer services been eliminated for each system?
Are the operating systems and commercial applications patched to current levels?
How is data being backed up? Full or partial backup? What backup software is being used? How is backup media stored? Who has access to it? Is it up-to-date? Is there a copy offsite? What are the procedures?
What type of firewall is installed? How is it configured? Who needs remote access? How is remote access addressed?
Is there a disaster recovery or business continuity plan? If so, have the participants and stakeholders rehearsed the disaster recovery plan? If not, is there a plan to develop a business continuity plan?
Are there adequate cryptographic tools in place to govern data encryption, and have these tools been properly configured?
Have custom-built applications been written with security in mind? How have these custom applications been tested for security flaws?
How are configuration and code changes documented at every level? How are these records reviewed and who conducts the review?
For more information about our security audits:
How may we help you?
(888) 638-6211
Work Hard. Play Hard. Worry Less. inSync.
