The document is an IT audit checklist that contains controls for various IT security domains including application access, database access, network access, physical security, anti-malware software, vulnerability management, software development lifecycles, change management, disaster recovery, vendor management, incident response, user awareness, data protection, asset management, and overall security program controls. The checklist contains items to verify that key security controls are implemented across each of these domains.
☐ Application access to database restricted

☐ Battery backup
☐ Generators
☐ HVAC

Operating System Access Controls
☐ System installation checklists or images used
☐ Security and event logs enabled
☐ Unnecessary services turned off

Anti Malware Controls
☐ Anti-virus software
☐ Gateway filtering
☐ Browser protections

Virtual Access Controls
☐ Access to hypervisors restricted
☐ Access levels modifiable
☐ Periodical access reviews
☐ Password complexity requirement
☐ Secure configuration guide applied to hypervisors and SANs
☐ Access to services running on host restricted

Vulnerability Management Controls
☐ Scanning and remediation for vulnerabilities
☐ Patch management program
www.RivialSecurity.com | IT AUDIT CHECKLIST
Software Development Controls
☐ Software development lifecycle established
☐ Secure coding and web app firewall/security testing

User Awareness Controls
☐ Users trained on security
☐ Background checks for new employees
☐ Duties separated and documented
☐ Security logs collected and reviewed

Change Management Controls
☐ Process for change management instated

Data Protection Controls
☐ Inventory of IT assets
☐ Encryption in transit and at rest
☐ Data classification
☐ USB restrictions in place
☐ Removal of data from storage media

Disaster Recovery Controls
☐ Backups for systems and data
☐ Disaster recovery plan established and regularly tested
☐ Business impact analysis plan established and regularly tested

Asset Management Controls
☐ Hardware and software inventoried
☐ Installation of unauthorized software, utility and audit tools prohibited
☐ System capacity and performance monitored

Vendor Management Controls
☐ Security clauses included in contracts
☐ SLAs are monitored
☐ Vendor incident notifications sent to subservice organizations regularly

Security Program Controls
☐ Risk assessments regularly performed
☐ Risks mitigated to acceptable levels
☐ Information security policies approved and in place
☐ Periodical independent audits performed

Incident Management Controls
☐ Incident response plan instated and regularly tested
☐ Customers notified following vendor incidents