 
 
Physical Security.
 
 
 
1. Evaluate the physical location of the data centers and backup remote site facilities to determine the level of access control and the vulnerability to flood, earthquake or other calamities.
 
 
 
2. Evaluate how effective sharing of management roles and responsibilities at the physical layer of security can impact the overall IT security.
 
 
 
3. From your own analysis, to what extent can security officers, guards and IT security consultant services negatively affect IT security?
 
 
 
4. How would you rate the negative results as analyzed from reporting and alarm systems on the physical security systems?
 
 
 
5. How would you rate the possibility of a security threat taking place through user terminals, computer peripherals, audio, video recording and portable devices?
 
 
 
Logical Security.
 
 
 
1. By analyzing the security controls of the user log-in attempts, authentication and authorization process, how likely would you expect a threat in this area?
 
 
 
2. If you analyzed system errors, event viewer incidents and system performance reports, what would be your risk occurrence levels?
 
 
 
3. If you used the preliminary risk assessment tools to identify threats at the software system design, what are the chances of it being attacked?
 
 
 
4. Rate the negative impact of using Life-cycle risk assessment on developing software technical design and security requirements.
 
 
 
5. How likely is it that gaps in an operational risk assessment done after software systems may negatively impact systems security?
 
 
 
Technical Safeguards.
 
 
 
1. Do you agree that an access control list for users and computing objects would minimize threats to authentication and authorization systems?
 
 
 
2. From experience, how would you rate attacks on technologies used for system authentication, remote access, web access and wireless security?
 
 
 
3. How satisfied are you with the data transmission security mechanisms, featuring email, messaging systems, malicious software detectors and hacker intrusion detection?
 
 
 
4. How satisfied are you with the strength of the algorithms and the key length used in enhancing data confidentiality?
 
 
 
5. According to Nielsen, Ruder and Bradin (1976), there are four distinct categories that help in defining effective safeguards in computer systems (system safeguards, industrial safeguards, management and legal safeguards). Rate their effectiveness.
 
 
 
IT Security Framework
 
 
 
1. How often is the IT security framework reviewed to make sure its information source is accurate and reliable?
 
 
 
2. Is the amount of IT risk information covered by the security framework complete, relevant and updated periodically?
 
 
 
3. Are you satisfied with the development and implementation of the IT security framework by both IT staff and non-IT staff?
 
 
 
4. How satisfied are you with the integration of your IT security framework with other internationally recognized IT security standards?
 
 
 
5. Rate how well the five W’s (What, Who, Which, Where and When) are captured in the IT security framework to manage the actions, people, information and environment.
 
 
 
IT Policies.
 
 
 
1. Overall, are you satisfied with the existing IT security policy to cater for Internet use, software, hardware, emails, passwords, door locks/keys handling, system access control, and employee hiring and checkouts?
 
 
 
2. How likely is it that the IT security policies have minimized computer security threats to the confidentiality and privacy of information?
 
 
 
3. How likely is it that the IT security policies can enhance the integrity of data and information in the organization?
 
 
 
4. How likely is it that the IT security policies can enable secure provision of data/information availability?
 
 
 
5. Would you agree that updating, versioning and amendment of IT policies, carried out to cater for current and new changes or attacks, can minimize IT risks?
 
 
 
Human Computer Security.
 
 
 
1. How would you rate the caution applied by staff members in protecting organization data and their online privacy, and in managing passwords and access to sensitive digital information?
 
 
 
2. What is the probability of erroneous data exposure, loss or damage caused by employees while using IT tools?
 
 
 
3. Rate the social engineering awareness among computer users using the internet.
 
 
 
4. How would you rate the effect of human ethics in observing policies, laws, standards and professionalism in relation to data privacy within the organization?
 
 
 
5. How often do computer users and IT professionals undergo computer security training?
 
 
 
IT security financial support
 
 
 
1. How often do you use Return on Security Investment (ROSI) or other investment methodologies to calculate the benefit of technology security investment?
 
 
 
2. How satisfied are you with the computer security budget allocated each year?
 
 
 
3. What would be the benefit of using the IT security financial risk tool calculator, which is generated from the risk occurrence tabulation linked to an estimated financial hourly business loss?
 
 
 
4. Do you set aside a budget to insure data and systems in case of a disaster?
 
 
 
5. How often are software and hardware solutions evaluated to confirm their business value addition?
 
 
 
Backup/Disaster Recovery.
 
 
 
1. How likely is it that security threats can occur in backup systems?
 
 
 
2. Do you consider time estimates and the response interval when switching from a failed live system to a backup system?
 
 
 
3. Rate the degree of thoroughness in executing the disaster recovery plan during disasters.
 
 
 
4. Rate the level of systems configuration stability, accuracy and vulnerability proofing.
 
 
 
5. Overall, how would you rate the disaster recovery control mechanism?
 
 
 
Threat mitigation Plan.
 
 
 
1. How would you rate the benefit of the IT threat mitigation plan in terms of threat identification accuracy, currency, objectivity, understandability and management?
 
 
 
2. Rate the sensitivity of the technology security mitigation tools to evolving threats.
 
 
 
3. At what rate are existing threat mitigation tools expected to be able to identify threats posed by ISPs and other service providers on whom the organization depends, but where it has no control over any threat posed to them?
 
 
 
4. How often are you likely to analyze technology tools for risk mitigation?
 
 
 
5. Rate the effectiveness of using risk avoidance, reduction, acceleration, transfer and acceptance strategies in managing systems and human-computer interactions.
 
 
 
IT security Research/Development.
 
 
 
1. How often do the IT teams carry out IT security research to identify new threats?
 
 
 
2. Have you developed research tools on risk evolution? If yes, how satisfied are you with their data presentation and ease of interpretation?
 
 
 
3. How would you rate the IT security research achievement?
 
 
 
4. Are you satisfied with the IT security research and development in enhancing secure systems design and security professional knowledge and skills?
 
 
 
5. How would you rate the impact of IT security research and development on new security innovation, knowledge base and threat preparedness?
 