• Adam Panek

IT Security Checklist.

IT Security Checklist.

Prevention - Detection - Recovery Check improperly configured or installed hardware. Check improperly configured or installed software. Check for delays in applying and testing software and firmware patches. Check for untested software and firmware patches. Check for bugs in software or operating systems. Check for misuse of software. Check for misuse of communication protocols. Check for poorly designed networks. Check for poor physical security. Check for insecure passwords. Check for design flaws in software. Check for design flaws in operating systems. Check for unchecked user input.

Check for threats: Unintentional access or changes to data. Unauthorized access or changes to data. Interruption of services. Interruption of access to assets. Damage to hardware Unauthorized access or damage to facilities.

Monitor For: Physical attacks. Software based attacks. Social engineering attacks. Web application based attacks. Network based attacks. Wireless network attacks.

Security Management Process Identify Security Controls. When did a security breach occur? Where did a security breach occur? Log details of breaches. Information of failed attempts such as typing wrong username and password. Select an appropriate identification technique such as a network intrusion detection system.

Implement Security Controls Authenticate users appropriately. Control access to data and resources. Match implementation security controls with the management requirements in your organization. Install a security mechanism such as an Intrusion Detection System or Intrusion Prevention System to prevent attacks on the system.

Monitor Security Controls Run tests on various controls installed to see if they are working correctly and will remain effective against further attacks on the system. Analyze important steps that improve performance of controls. Document each control failure and determine if a control needs to be upgraded or removed.


(847) 906-3332

©2018 by North Shore Computers LLC.