The following checklist represents a generic approach for a quick assessment of an information system. You can use the checklist for large or small systems and tailor it accordingly.
A. General information
1. A detailed understanding of threats to the organization.
2. A description of threats for individual locations.
3. A list containing phone numbers for all individuals involved in the organizational information assurance.
4. A policy document detailing how the information assurance personnel have access to the IT operations personnel.
5. Documentation on the training of all IT operations personnel.
6. An organization ...