Appendix II

PERSONNEL SECURITY
  1. Does your staff wear ID badges?
  2. Is a current picture part of the ID badge?
  3. Are authorized access levels and type (employee, contractor, visitor) identified on the badge?
  4. Do you check the credentials of external contractors?
  5. Do you have policies addressing background checks for employees and contractors?
  6. Do you have a process for effectively cutting off access to facilities and information systems when an employee/contractor terminates employment?
PHYSICAL SECURITY
  1. Do you have policies and procedures that allow authorized, and limit unauthorized, physical access to electronic information systems and the facilities that house them?
  2. Do your policies and procedures specify the methods used to control physical access to your secure areas, such as door locks, access control systems, security officers, or video monitoring?
  3. Is access to your computing area controlled (single point, reception or security desk, sign-in/sign-out log, temporary/visitor badges)?
  4. Are visitors escorted into and out of controlled areas?
  5. Are your PCs inaccessible to unauthorized users (e.g., located away from public areas)?
  6. Are your computing area and equipment physically secured?
  7. Are there procedures in place to prevent computers from being left in a logged on state, however briefly?
  8. Are screens automatically locked after 10 minutes idle?
  9. Are modems set to Auto-Answer OFF (not to accept incoming calls)?
  10. Do you have procedures for protecting data during equipment repairs?
  11. Do you ...
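Items 7 and 8 above are the only entries in this checklist that can be verified directly on a machine rather than by reviewing documents. The following PowerShell script is an added example, not material from the book: it audits a Windows host for an enforced, password-protected screen lock within the 10-minute idle threshold that item 8 names. It reads the real registry locations Windows uses for the screen-saver lock (the user's Control Panel values, and the Group Policy keys that override them) and for the machine-wide "Interactive logon: Machine inactivity limit" setting. The variable names and the pass/fail wording are this example's own choices.

```powershell
# Added example (not from the book): audit whether this Windows host enforces a
# password-protected screen lock within 10 minutes of inactivity
# (Appendix II, Physical Security, items 7 and 8).
# Run in an interactive session as the user whose desktop you are checking.

$MaxIdleSeconds = 600   # 10 minutes, the threshold from checklist item 8

function Get-RegValue($Path, $Name) {
    # Return the named registry value, or $null if the key or value is absent.
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# Group Policy settings live under the Policies key and override the user's
# own Control Panel values, so check the policy key first.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$userKey   = 'HKCU:\Control Panel\Desktop'

function Get-EffectiveDesktopValue($Name) {
    $v = Get-RegValue $policyKey $Name
    if ($null -eq $v) { $v = Get-RegValue $userKey $Name }
    return $v
}

$active  = Get-EffectiveDesktopValue 'ScreenSaveActive'     # "1" = screen saver on
$secure  = Get-EffectiveDesktopValue 'ScreenSaverIsSecure'  # "1" = require password
$timeout = Get-EffectiveDesktopValue 'ScreenSaveTimeOut'    # idle seconds (string)

# Machine-wide inactivity lock, independent of the screen saver
# (Windows 8 / Server 2012 and later).
$machineLimit = Get-RegValue `
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    'InactivityTimeoutSecs'

$timeoutSecs  = $timeout      -as [int]
$machineSecs  = $machineLimit -as [int]

$screensaverOk = ($active -eq '1') -and ($secure -eq '1') -and
                 ($null -ne $timeoutSecs) -and ($timeoutSecs -gt 0) -and
                 ($timeoutSecs -le $MaxIdleSeconds)
$machineOk     = ($null -ne $machineSecs) -and ($machineSecs -gt 0) -and
                 ($machineSecs -le $MaxIdleSeconds)

$findings = @()
if (-not $screensaverOk) {
    $findings += "Screen saver lock: active=$active secure=$secure timeout=$timeout " +
                 "(need active=1, secure=1, timeout between 1 and $MaxIdleSeconds)"
}
if (-not $machineOk) {
    $findings += "Machine inactivity limit: InactivityTimeoutSecs=$machineLimit " +
                 "(need a value between 1 and $MaxIdleSeconds)"
}

# Either mechanism satisfies item 8; report both so the gap is visible.
if ($screensaverOk -or $machineOk) {
    Write-Output "PASS: session locks within $MaxIdleSeconds seconds of inactivity"
} else {
    Write-Output "FAIL: no enforced lock within $MaxIdleSeconds seconds of inactivity"
}
$findings | ForEach-Object { Write-Output "  note: $_" }
```

A value that is set only under HKCU:\Control Panel\Desktop can be changed by the user, so a PASS that comes from that key alone satisfies the letter of item 8 but not item 7's intent of preventing unattended logged-on sessions; for an enforced control, expect the value under the Policies key or a non-zero InactivityTimeoutSecs.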

Get Industrial Security: Managing Security in the 21st Century now with the O’Reilly learning platform.