Controls and compliance checklist (Security Audit)
School: Southern New Hampshire University
Course: IT 505
Subject: Information Systems
Date: Dec 6, 2023
Pages: 5
Controls and compliance checklist

Controls assessment checklist

| Control | Yes | No | Explanation |
|---|---|---|---|
| Least Privilege | | ● | Currently, all employees have access to customer data; privileges need to be limited to reduce the risk of a breach. |
| Disaster recovery plans | | ● | There are no disaster recovery plans in place. These need to be implemented to ensure business continuity. |
| Password policies | | ● | Employee password requirements are minimal, which could allow a threat actor to more easily access secure data/other assets via employee work equipment/the internal network. |
| Separation of duties | | ● | Needs to be implemented to reduce the possibility of fraud/access to critical data, since the company CEO currently runs day-to-day operations and manages the payroll. |
| Firewall | ● | | The existing firewall blocks traffic based on an appropriately defined set of security rules. |
| Intrusion detection system (IDS) | | ● | The IT department needs an IDS in place to help identify possible intrusions by threat actors. |
| Backups | | ● | The IT department needs to have backups of critical data, in the case of a breach, to ensure business continuity. |
| Antivirus software | ● | | Antivirus software is installed and monitored regularly by the IT department. |
| Manual monitoring, maintenance, and intervention for legacy systems | | ● | The list of assets notes the use of legacy systems. The risk assessment indicates that these systems are monitored and maintained, but there is not a regular schedule in place for this task and procedures/policies related to intervention are unclear, which could place these systems at risk of a breach. |
| Encryption | | ● | Encryption is not currently used; implementing it would provide greater confidentiality of sensitive information. |
| Password management system | | ● | There is no password management system currently in place; implementing this control would improve IT department/other employee productivity in the case of password issues. |
| Locks (offices, storefront, warehouse) | ● | | The store’s physical location, which includes the company’s main offices, store front, and warehouse of products, has sufficient locks. |
| Closed-circuit television (CCTV) surveillance | ● | | CCTV is installed/functioning at the store’s physical location. |
| Fire detection/prevention (fire alarm, sprinkler system, etc.) | ● | | Botium Toys’ physical location has a functioning fire detection and prevention system. |
Compliance checklist

Select “yes” or “no” to answer the question: Does Botium Toys currently adhere to this compliance best practice?

Payment Card Industry Data Security Standard (PCI DSS)

| Best practice | Yes | No | Explanation |
|---|---|---|---|
| Only authorized users have access to customers’ credit card information. | | ● | Currently, all employees have access to the company’s internal data. |
| Credit card information is accepted, processed, transmitted, and stored internally, in a secure environment. | | ● | Credit card information is not encrypted and all employees currently have access to internal data, including customers’ credit card information. |
| Implement data encryption | | ● | The company does not |