7. History
8. Appendices
9. Terminology

Introduction

Purpose
The purpose of this document is to provide the IT Organization with a guiding checklist of areas to address when looking at Security Management issues of the IT infrastructure.

Scope
This document describes the following:
- Audit requirements for ITIL based Security Management

Audience
This document is relevant to all staff in <
Use job descriptions or role titles.

Ownership
IT Services has ownership of this document.

Related Documentation
Include in this section any related Security Management reference numbers and other associated documentation:

Executive Overview
Describe the purpose, scope and organization of the document.

Security Audit Overview — Refer to the list below.

OPERATIONAL SECURITY CHECKLIST

NOTE THAT THIS LIST CANNOT BE CONSIDERED A TOTALLY COMPREHENSIVE CHECKLIST. IT IS A GUIDE ONLY. FOR MATTERS OF HIGH SECURITY IMPORTANCE, CONSIDER SEEKING ASSISTANCE FROM EXTERNAL SPECIALIST ORGANIZATIONS.

The Auditor can check for:

Physical security measures and operational processes to protect information, software, hardware and personnel from either accidental or intentional harm. The use of information, software and hardware is to be based on authorization from the service owner (in ITIL terms, this is the paying customer, not the end user). The owner specifies who can have access, under what circumstances, and the type of access. The system of protection, authorization and verification is to be tailored to the risks. Unless precluded by safety considerations, individual accountability for the use of such resources is to be ensured, and there is to be verification that these resources are used only by authorized individuals.

Building considerations
- Fire codes
- Security guards
- Electrical standards
- Number and location of employee access points
- Access method (swipe card, visual recognition)
- Building recording systems
- Testing "politeness": will people hold the door open for you if you pretend you have forgotten your card? Will multiple people pass through a security door after it is swiped open by one person?

Personal computer and workstation considerations
- Access to offices where equipment is located
- Employee guidelines issued and published regarding password and user-id security
- Locking of screens automatically after a set period of inactivity