Systems, Network and Topology Evaluation
- Mainframe and LAN Security Implementations
- Network Diagram: (Servers, routers, gateways, intelligent switches, multiplexers and work stations.)
- Network Architectures (Token Ring, twisted pair, Ethernet, Star, etc.)
- Administration Responsibility
- W/S Configurations (esp. Modems and other communications)
- Removable Storage Media
Administration Checklist
- Procedures for Adding/Deleting Users
- Procedures for Adding/Deleting W/S and Network Addresses
- Network Address Naming Conventions
- LAN Administration Records
- Documentation & Maintenance of Server Software Version Levels
- Documentation & Maintenance of W/S Software Version Levels
- CM/Records of Server Hardware
- CM/Records of W/S Hardware
- T&E Environment Isolation
- Application File Areas Isolated/Controlled
- Software Licensing/Inventory Control
- Software Licensing Compliance Reviews
- Security/Ops Utilities Access Restrictions (Syscon, Fconsole, Security, ...)
File Servers & Workstations
- File Access Control Mechanisms
- Shared File Update Authority Restrictions
- Login Script Controls
- AUTOEXEC.BAT/CONFIG.SYS Controls
- Application Security vs. File Server Security vs. W/S Security Controls
- Compartmentation of User Communities Sharing File Server
Individual Accountability
- Guest/Anonymous Accounts
- Account Name Policies
- Password Policies
- User File Areas Isolated/Controlled
- Determination of Access Rights
- Assignment of Access Rights
- Work Groups
- Data Classification (Internal, Confidential, Public, etc.)
- Access to Remote Users
Disaster Recovery Protections
- Documentation
- BIA & Cost Consequence Analyses
- Updates
- Testing
- Pre-Backup Virus Scans
- Backup Procedures
- Off Site Data Storage
- Off Site Storage of Software Licenses
- Preventive Maintenance
- Fault Tolerance
- UPS
- Mirroring
- Electronic Vaulting/Journaling
- Outage Tracking
LAN Connectivity
Dedicated Connections
- Restrictions
- Security Devices
- Dial Up Tracking
- Dial Up Phone Number Maintenance
- Liaison with Carrier
Dial Up Connections
- Restrictions
- Security Devices
- Tracking/Control
- Liaison with Carrier
External/Internet Connections
- Gateways and Firewalls
- Other Sites
- Tracking
- International Law Compliance
Virus Screening
- Memory Resident Detection Programs
- Scanners
- NLM Products
- Event Tracking
- Compliance Policies
Email Controls
- Email System Evaluation
- Regulatory Requirements for Retention/Destruction
- Public vs. Private Mail System
Policy Review
Logical Security
- Software Security
- Software Change Control
- Data Security
- Communications Security
Managerial Security
- Administrative Security
- Personnel Security
- Organizational Structure
Physical Security
- Physical Access Security
- Computer Location and Facility Construction
For further information send mail to info@miora.com or call toll free 1-888-IS GUARD (1-888-474-8273).
© 1997 Miora Systems Consulting, Inc. All Rights Reserved.