Silent Safety: Best Practices for Protecting the Affluent



Similar documents
FINAL May Guideline on Security Systems for Safeguarding Customer Information

Supplier Security Assessment Questionnaire

Client Security Risk Assessment Questionnaire

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

HIPAA Security. assistance with implementation of the. security standards. This series aims to

HIPAA Security Alert

by: Scott Baranowski Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

INFORMATION SECURITY PROGRAM

BKDconnect Security Overview

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

INCIDENT RESPONSE CHECKLIST

H.I.P.A.A. Compliance Made Easy Products and Services

HIPAA Information Security Overview

IBX Business Network Platform Information Security Controls Document Classification [Public]

Hengtian Information Security White Paper

Supplier Information Security Addendum for GE Restricted Data

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

How To Write A Health Care Security Rule For A University

Network and Security Controls

Data Management Policies. Sage ERP Online

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Best Practices For Department Server and Enterprise System Checklist

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

Security Tool Kit System Checklist Departmental Servers and Enterprise Systems

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Operational Risk Publication Date: May Operational Risk... 3

PII Compliance Guidelines

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

A Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER

Introduction to Cyber Security / Information Security

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Subject: Safety and Soundness Standards for Information

Music Recording Studio Security Program Security Assessment Version 1.1

Summary of Technical Information Security for Information Systems and Services Managed by NUIT (Newcastle University IT Service)

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

OCR LEVEL 3 CAMBRIDGE TECHNICAL

Internal Control Guide & Resources

Instructions for Completing the Information Technology Officer s Questionnaire

Information Security Awareness Training Gramm-Leach-Bliley Act (GLB Act)

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

Retention & Destruction

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

HIPAA SECURITY RULES FOR IT: WHAT ARE THEY?

The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures

Critical Controls for Cyber Security.

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

HIPAA RISK ASSESSMENT

ULH-IM&T-ISP06. Information Governance Board

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1

The Second National HIPAA Summit

Information Technology Security Procedures

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Information Security Program Management Standard

Network Security Administrator

Domain 1 The Process of Auditing Information Systems

Security Overview. BlackBerry Corporate Infrastructure

Wellesley College Written Information Security Program

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

Altius IT Policy Collection Compliance and Standards Matrix

Newcastle University Information Security Procedures Version 3

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

System Security Plan University of Texas Health Science Center School of Public Health

Nine Steps to Smart Security for Small Businesses

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Service Children s Education

Risk Assessment Guide

Transcription:

Security Checklists

Security Checklists 1. Operational Security Checklist 2. Physical Security Checklist 3. Systems Security Checklist 4. Travel Protocol Checklist 5. Financial Controls Checklist In a typical family business scenario, the patriarch, matriarch or other designated family leader usually plays an active role in overseeing family affairs and safeguarding family assets. He or she works closely with the staff and often has sole check-signing authority. As the family business grows, this oversight role shifts to trusted employees or governing boards. When that occurs, certain security and oversight procedures and protocols must be put into place, in order to secure the family members and business assets. The following checklists while not exhaustive highlight the types of measures that must be implemented, to begin to ensure both the physical safety of the members of the family, as well as the security of the family and business assets.

Operational Security Checklist Are security policies and procedures in place, such as access control, visitor escorting, document security and communications security? Are HR policies compliant and enforced to avoid employment law issues? Is a security training and operational awareness program in place for both office and house staff? Are thorough background investigations conducted on employees and contractors prior to hiring for the office and the families homes? Are disaster recovery (DR) plans documented and DR exercises conducted on a yearly basis to test systems for failsafe preparedness? Are nondisclosure/integrity assurance agreements in place for all employees and contractors? In protecting family information from theft and extortion, are technical surveillance countermeasure (TSCM) inspections periodically conducted? Is investigative due diligence conducted for family members prior to committing monies to investments or donations? Is the family name protected from unneeded exposure on the Internet? Are crisis preparedness and response plans in place to protect the family in the event of exposure to such issues as kidnap for ransom, extortion, stalking, child abduction, home invasion, hate crimes and terrorist attacks?

Physical Security Checklist Are access controls in place for all external ingress/egress points? Should bulletproof glass be installed in the principal s office? Are strategically installed CCTV cameras installed in all critical areas? Are all critical IT systems integrated within an encrypted server and appropriately protected through the use of software and hardware devices? Has glass-break technology been strategically installed within the offices, where appropriate? Are all exterior electrical and communications cabinets locked and monitored for breach? Are fire control detection systems in a secured area? Is confidential trash properly disposed of to insure destruction? Are controlled access procedures in place for cleaning crews, contractors and maintenance personnel or are they permitted unfettered access to the office when no one is there? Are families homes professionally secured in relation to the exposure their wealth creates (see chapter on Securing the Home Front)?

Systems Security Checklist Is a qualified patch management process in place for all workstations and servers? What type of user identification, authentication and authorization process controls are in place throughout the environment? Are application security controls in place? Are wireless network access points necessary? If they are, are they appropriately protected with the latest authentication mechanisms? Are sensitive data exchanges secured and are data classification levels on critical databases enforced? Are data or email encryption technologies in place to protect sensitive information leaving your server and desktop environments? Are intrusion prevention controls in place across the network? Are the NAC (network access control) hardware and policies valid and reliable? Is the firewall administration outsourced? Are there any types of intrusion detection system (IDS) or intrusion prevention systems (IPS) present? Are incident response procedures currently in place? Are procedures including appliance and device documentation documented and provided for secure, off-site storage? Are response methods (i.e., battery back-up times, recovery timelines for critical systems, equipment and data back-ups, etc.) in sync with expectations of management? Are network administration capabilities controlled by only qualified network administrators? Are network administrators monitored for their activity? Does executive management maintain a separate administrative user name/password, or does the IT manager have the keys to the kingdom? Are regular, external IT security audits conducted to ensure level of security measures are appropriately in place and operational? Are IT protocols in place and exercised when employees are terminated (i.e., downloaded and archived email profiles, user access terminated, etc.)?

Travel Protocol Checklist Are travel itineraries protected and are travel agents thoroughly screened? Is investigative due diligence conducted prior to the acquisition of aircrafts and yachts, and are TSCM inspections conducted prior to travel by new owners? Are personal protection protocols in place? Are risk assessments conducted on each venue prior to family members traveling and reports generated for family review? Are contingency plans in place to assist family members while traveling, in the event an emergency evacuation is required? Are children/young adults traveling without adult escort educated on the risks of abduction and general safety protocols?

Financial Controls Checklist Financial controls must ensure the preservation of current assets and optimization of future gains. They must also be consistent with the family s tolerance for risk. Policies should be developed to address day-to-day transactional matters, investment management and performance measurement guidelines. The following topics should be addressed: Fund transfers Bookkeeping/reconciliation protocols Protection from unauthorized investment transactions Authorizations/limits/access: procedures that safeguard access to funds Improper allocation of investment funds Recording cash receipts Disbursements Payroll controls to eliminate fraud: ghost employees Segregation of duties: investments, financial accounting, reporting During these challenging economic times, the adviser must increase awareness regarding the potential for fraud, specifically involving readily accessible cash and the client s investment portfolio. Additional monitoring measures and controls may be prudent to cover multiple risks, in addition to those associated with stocks or bonds. Performance expectations based upon independent research and good old common sense should all be part of instituting new controls to protect the client s family and business.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information