Scribd Logo
Upload

Welcome to Scribd!

  • 2K views

    Assessment Questions

    Uploaded by

    John Croson
    Security audit assessment questions.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Assessment Questions

    Uploaded by

    John Croson
    2K views3 pages
    Security audit assessment questions.

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Security audit assessment questions.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as doc, pdf, or txt
    2K views3 pages

    Assessment Questions

    Uploaded by

    John Croson
    Security audit assessment questions.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as doc, pdf, or txt
    of 3

    Assessment Questions:

    Servers yes no comments


    Vendors and models.

    Are servers up to date with patches?

    What services are open?

    Are the services needed?

    Is/Are the device/devices positioned correctly in


    the network?
    What are all secure and non-secure interfaces?

    What is the history of the servers?

    Is there a process for making any changes?

    Who is responsible for account management?

    Are the logs being checked?

    Who is responsible for reviewing the logs?

    What are password policies for the network?

    What is the physical security of the server


    equipment?

    Backups / UPS

    What type of backups and rotations are in place?

    Are the tapes stored off-site or on site?

    Is the data encrypted and/or secure?

    Is there an emergency data recovery plan?

    Is there power failover protection?


    Virus / Spam / Spyware

    What brand/version of virus protection is present?

    How often are the definitions updated?

    Are the updates automatic?

    What brand/version of spam protection?

    Is there spyware protection?

    Does the company have an internet / acceptable


    use policy?

    Firewall

    Vendor and model.

    Is system up to date with patches?

    Is the position in the network correct?

    Is there IDS present?

    Is logging enabled and checked?

    What ports are open/forwarded and to what


    hosts?

    WAN

    What type of logs can we get from the ISP?

    What type of monitoring is done on the


    connections?
    May we perform vulnerability scans on these
    devices?
    Can we obtain routing information?
    LAN

    What are the standards of cables used?

    What is the network topology? i.e. Bus, Linear,


    Star, Hybrid, Mesh, Ring
    What is the layout of cabling and devices?

    What types of routers, hubs and switches are


    used?
    Do they have user name and password to
    access?
    Is change management used when changing
    routers or switch configurations?
    Who approves these changes?

    What is the policy regarding connecting to LAN?

    What is the policy regarding activating ports?

    Who has access to physical space?

    Is there a policy for connecting external vendors


    to the LAN?
    Is physical security practiced properly for
    accessing premises and process for activating
    and deactivating badges, LAN ports and LAN
    connection drops?
    If there is Wireless access, is encryption used? If
    so, what type?
    Are workstation applications and OS patched?

    Is there change management at the workstation


    level for hardware/software?
    Is there Virus/Spyware protection at the
    workstation? Is it managed by IT, or user level?

    You might also like