Cyber Security Checklist
Marketing / 11 May 2023 / John Jack Daniel / Complete
Score 89.29% | Flagged items 6 | Actions 1
Department Marketing
Date and Time of Inspection 11.05.2023 17:48 PST
IT Personnel (Full Name) John Jack Daniel
1. Flagged items & Actions (6 flagged, 1 action)
Inspection / PEOPLE
Is a current picture part of the ID badge? No
No picture on the ID badge
Photo 1
Inspection / PHYSICAL SECURITY
Do you have policies and procedures that address allowing authorized and limiting unauthorized physical access to electronic information systems and the facilities in which they are housed? No
Review visitor policies
Inspection / PHYSICAL SECURITY
Are there procedures in place to prevent computers from being left in a logged-on state, however briefly? No
Some employees left their PCs unlocked when they left their stations
Inspection / PHYSICAL SECURITY
Are screens automatically locked after 10 minutes idle? No
Change the settings on all PCs
Inspection / ACCOUNT AND PASSWORD MANAGEMENT
Do you require and enforce appropriate passwords? No
To Do | Assignee SafetyCulture Staff | Priority Low | Due 18.05.2023 17:53 PST | Created by SafetyCulture Staff
Change settings for password setup
Inspection / DISASTER RECOVERY
Do you have a procedure for notifying authorities in the case of a disaster or security incident? No
Review disaster recovery policies
Other actions 0 actions
2. Inspection - 89.29% (6 flagged, 1 action)
2.1. PEOPLE - 83.33% (1 flagged)
Does your staff wear ID badges? Yes
Is a current picture part of the ID badge? No
No picture on the ID badge
Photo 1
Are authorized access levels and type (employee, contractor, visitor) identified on the badge? Yes
Do you check the credentials of external contractors? Yes
Do you have policies addressing background checks for employees and contractors? Yes
Do you have a process for effectively cutting off access to facilities and information systems when an employee/contractor terminates employment? Yes
2.2. PHYSICAL SECURITY - 76.92% (3 flagged)
Do you have policies and procedures that address allowing authorized and limiting unauthorized physical access to electronic information systems and the facilities in which they are housed? No
Review visitor policies
Do your policies and procedures specify the methods used to control physical access to your secure areas, such as door locks, access control systems, security officers, or video monitoring? Yes
Is the access to your computing area controlled (single point, reception or security desk, sign-in/sign-out log, temporary/visitor badges)? Yes
Are visitors escorted into and out of controlled areas? Yes
Are your PCs inaccessible to unauthorized users (e.g. located away from public areas)? Yes
Is your computing area and equipment physically secured? Yes
Are there procedures in place to prevent computers from being left in a logged-on state, however briefly? No
Some employees left their PCs unlocked when they left their stations
Are screens automatically locked after 10 minutes idle? No
Change the settings on all PCs
Are modems set to Auto-Answer OFF (not to accept incoming calls)? N/A
Do you have procedures for protecting data during equipment repairs? Yes
Do you have policies covering laptop security (e.g. cable lock or secure storage)? Yes
Do you have an emergency evacuation plan and is it current? Yes
Does your plan identify areas and facilities that need to be sealed off immediately in case of an emergency? Yes
Are key personnel aware of which areas and facilities need to be sealed off and how? Yes
2.3. ACCOUNT AND PASSWORD MANAGEMENT - 80% (1 flagged, 1 action)
Do you have policies and standards covering electronic authentication, authorization, and access control of personnel and resources to your information systems, applications and data? Yes
Do you ensure that only authorized personnel have access to your computers? Yes
Do you require and enforce appropriate passwords? No
To Do | Assignee SafetyCulture Staff | Priority Low | Due 18.05.2023 17:53 PST | Created by SafetyCulture Staff
Change settings for password setup
Are your passwords secure (not easy to guess, regularly changed, no use of temporary or default passwords)? Yes
Are your computers set up so others cannot view staff entering passwords? Yes
2.4. CONFIDENTIALITY OF SENSITIVE DATA - 100%
Do you classify your data, identifying sensitive data versus non-sensitive? Yes
Are you exercising responsibilities to protect sensitive data under your control? Yes
Is the most valuable or sensitive data encrypted? Yes
Do you have a policy for identifying the retention of information (both hard and soft copies)? Yes
Do you have procedures in place to deal with credit card information? Yes
Do you have procedures covering the management of personal private information? Yes
Is there a process for creating retrievable back-up and archival copies of critical information? Yes
Do you have procedures for disposing of waste material? Yes
Is waste paper binned or shredded? Yes
Is your shred bin locked at all times? Yes
Do your policies for disposing of old computer equipment protect against loss of data (e.g. by reading old disks and hard drives)? Yes
Do your disposal procedures identify appropriate technologies and methods for making hardware and electronic media unusable and inaccessible (such as shredding CDs and DVDs, electronically wiping drives, burning tapes, etc.)? Yes
2.5. DISASTER RECOVERY - 90% (1 flagged)
Do you have a current business continuity plan? Yes
Is there a process for creating retrievable back-up and archival copies of critical information? Yes
Do you have an emergency/incident management communications plan? Yes
Do you have a procedure for notifying authorities in the case of a disaster or security incident? No
Review disaster recovery policies
Does your procedure identify who should be contacted, including contact information? Yes
Is the contact information sorted and identified by incident type? Yes
Does your procedure identify who should make the contacts? Yes
Have you identified who will speak to the press/public in the case of an emergency or an incident? Yes
Does your communications plan cover internal communications with your employees and their families? Yes
Can emergency procedures be appropriately implemented, as needed, by those responsible? Yes
2.6. SECURITY AWARENESS - 100%
Are you providing information about computer security to your staff? Yes
Do you provide training on a regular recurring basis? Yes
Are employees taught to be alert to possible security breaches? Yes
Are your employees taught about keeping their passwords secure? Yes
Are your employees able to identify and protect classified data, including paper documents, removable media, and electronic documents? Yes
Does your awareness and education plan teach proper methods for managing credit card data (PCI standards) and personal private information (Social Security numbers, names, addresses, phone numbers, etc.)? Yes
2.7. COMPLIANCE - 100%
Do you review and revise your security documents, such as policies, standards, procedures, and guidelines, on a regular basis? Yes
Set a meeting with Carl to review security policies
Do you audit your processes and procedures for compliance with established policies and standards? Yes
Do you test your disaster plans on a regular basis? Yes
Does management regularly review lists of individuals with physical access to sensitive facilities or electronic access to information systems? Yes
2.8. COMPLETION
Overall Recommendations
- Replace ID badges with employee photos
- Review security and disaster policies
- Conduct employee training about cyber security policies
- Change password settings (require complex password)
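Two of the flagged items (screens not locking after 10 minutes idle, password requirements not enforced) and the matching recommendation above are endpoint settings that can be verified on each PC rather than taken on trust. The script below is an added example written for this page; it is not part of the SafetyCulture checklist or the inspector's report. It assumes the department PCs run Windows, that it is run from an elevated PowerShell session on each PC (or pushed with Invoke-Command), and that the user whose screen-saver settings matter is the one running it. The 600-second idle limit comes from the checklist question; the minimum length (12), history (24) and lockout thresholds are assumed hardening values, not figures from the report. It only reports; the fix belongs in Group Policy, not in a script that edits registry keys on each machine.

```powershell
# Added audit script, not from the original report. Assumes Windows, elevated session.
# Threshold from the checklist item "screens automatically locked after 10 minutes idle".
$MaxIdleSeconds = 600
$findings = @()

# --- Idle screen lock -------------------------------------------------------
# Control A (preferred, machine-wide): "Interactive logon: Machine inactivity limit".
# 0 or missing means disabled; anything above the limit fails the checklist item.
$sys = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$inactivity = $sys.InactivityTimeoutSecs
if (-not $inactivity -or $inactivity -gt $MaxIdleSeconds) {
    $findings += "InactivityTimeoutSecs is '$inactivity' (want 1..$MaxIdleSeconds)"
}

# Control B (per user): password-protected screen saver. A policy-hive value
# overrides the user's own Control Panel setting, so check the policy key first.
$ss = $null
foreach ($p in @('HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
                 'HKCU:\Control Panel\Desktop')) {
    $v = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
    if ($v -and $v.PSObject.Properties['ScreenSaveTimeOut']) { $ss = $v; break }
}
if (-not $ss) {
    $findings += 'No screen saver timeout configured for this user'
} else {
    if ($ss.ScreenSaveActive -ne '1')    { $findings += 'ScreenSaveActive is not 1 (screen saver off)' }
    if ($ss.ScreenSaverIsSecure -ne '1') { $findings += 'ScreenSaverIsSecure is not 1 (no logon required on resume)' }
    if ([int]$ss.ScreenSaveTimeOut -gt $MaxIdleSeconds) {
        $findings += "ScreenSaveTimeOut is $($ss.ScreenSaveTimeOut)s (want <= $MaxIdleSeconds)"
    }
}

# --- Password policy --------------------------------------------------------
# secedit exports the effective local security policy as an INF; the [System Access]
# section holds the password and lockout settings for local accounts. Domain accounts
# are governed by the domain password policy instead (Get-ADDefaultDomainPasswordPolicy).
$inf = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $inf | Out-Null
$policy = @{}
Get-Content $inf | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(\S+)') { $policy[$Matches[1]] = $Matches[2] }
}
Remove-Item $inf -ErrorAction SilentlyContinue

# Thresholds below the checklist's "complex password" line are assumed values.
if ($policy['PasswordComplexity'] -ne '1')        { $findings += 'PasswordComplexity is not enabled' }
if ([int]$policy['MinimumPasswordLength'] -lt 12) { $findings += "MinimumPasswordLength is $($policy['MinimumPasswordLength']) (want >= 12)" }
if ([int]$policy['PasswordHistorySize'] -lt 24)   { $findings += "PasswordHistorySize is $($policy['PasswordHistorySize']) (want >= 24)" }
if ([int]$policy['LockoutBadCount'] -eq 0)        { $findings += 'LockoutBadCount is 0 (no account lockout)' }

# --- Report -----------------------------------------------------------------
if ($findings.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: PASS (idle lock <= $MaxIdleSeconds s, password policy enforced)"
} else {
    Write-Output "$env:COMPUTERNAME: FAIL"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

To remediate rather than just detect, set the same values centrally: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > "Interactive logon: Machine inactivity limit" (600 seconds), User Configuration > Administrative Templates > Control Panel > Personalization > "Screen saver timeout" and "Password protect the screen saver", and Account Policies > Password Policy > "Password must meet complexity requirements". Re-running the script after the policy has applied closes the two flagged items with evidence rather than a Yes/No answer.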
IT Personnel (Name and Signature)
John Jack Daniel
11.05.2023 17:55 PST
3. Media summary
Photo 1