Security Tool Kit System Checklist Departmental Servers and Enterprise Systems



INSTRUCTIONS

System documentation specifically related to the security controls of departmental servers and enterprise systems is an audit and National Institute of Standards and Technology (NIST) requirement. This checklist must be filled out and/or revalidated once a year by the system administrator and approved by the system owner. A separate checklist should be completed for each departmental server and/or enterprise system and be readily available.

SYSTEM INFORMATION

1) GWU Division / Department Name:
2) What is the system's IP address?
3) What is the system host name?
4) What is the system's MAC address?
5) Department / Division Contact Person:
   System Admin Contact Info:
   Application Admin Contact Info:
   User Admin Contact Info:
6) System Location / Address / Room Number / Physical Address:
7) Is this system on the network? If not, describe why.
8) Does this system connect to the GWU network?
9) Does this system have access to the internet?
10) Does this system utilize dial-up access?
11) What is the GW Asset Tag Number on the system?
12) What is the manufacturer's make, model and serial number of the system?
13) What is the computer's operating system version?
14) Is this machine considered a Single User Desktop, Enterprise Server, a Public Systems Desktop or a Public Systems Enterprise Server?
15) How does the system support the overall mission of the university?
16) Does this system support a specific service? If so, what is the service name? (ex: Banner, ERP, accounting, etc.)
17) Is this system maintained by a system administrator or an individual user? (If so, provide name, number and e-mail.)

SYSTEM DATA CHARACTERISTICS

1) Does this system process, store, and/or transmit faculty or employee information such as social security numbers, employee numbers, employment history, and/or personnel records? Please describe.
2) Does this system process, store, and/or transmit university, student, faculty, employee, or contractor financial information (budget, salary, income, financial aid, contract bidding fees, as examples)? Please describe.
3) Does this system process, store, and/or transmit medical history or medical records of students, faculty, employees, contractors, or agents of the university? Please describe.
4) Does this system process, store, and/or transmit student records and student academic history? Please describe.
5) Based on the Data Classification Policy, where does this system fall, given the type of information on the system (Public, Official Use, Confidential) and the type of system itself (Desktop, Departmental Server, Enterprise System)? Please see the Data Classification Policy and Matrix for detailed information.

System Security Settings and Environment

1) How does the system identify and authenticate each user?
   a. Windows log on?
   b. Novell log on?
   c. VPN log on?
   d. Other? Please describe.
2) Describe the number of users who can log on to this system and give a brief description of who they are.
3) Is antivirus software installed on the system?
   a. Antivirus manufacturer
   b. Version
   c. Real-time protection?
   d. Firewall (personal or hardware?) Describe the ACLs:
   e. Additional security software
4) If antivirus software is installed on the system, how often are the definitions updated?
5) Are operating system patches updated regularly?
6) Are software patches updated regularly?
7) Has a security plan been developed for the system?
8) What physical access controls are in place for the system?
9) Has the system functionality been formally documented?
10) Have the system users completed the on-line security and awareness training?
11) Is this system subject to change management procedures before a change is implemented? Explain.
12) Is physical access to the system restricted to those who require access to it? Please attach a User Access List.
13) Has the system been configured to provide the least privilege level of access necessary to perform job functions?
14) If the hard drive in the system had to be replaced, is the data properly sanitized?
15) Is there a contingency and disaster recovery plan if the system were to lose functionality?
   a. Local backups
   b. Network backups
   c. Failover capabilities
16) How old could the files on this system be?
17) Is there any data on this system that falls under GLBA, HIPAA, or FERPA?
18) Are routine scans and/or audits performed against the system?
19) Is logging enabled on the system? List what services are logged and the location of the log files. Name any additional third-party utilities used to log data from this system.
20) How often do you review the system logs?
21) How do administrators access this system?
22) How do users access this system?
23) How do users get an account on this system?
24) Describe the reliability of the account deletion process.
25) Has the screen locking feature been enabled on the system?
26) Is the data stored and transmitted on the system encrypted?
27) List those applications which transmit information:
28) List all known open services:

System Administrator Sign-off
Name:
Signature:
Title:
Date:

System Owner Sign-off
Name:
Signature:
Title:
Date: