When was our information security policy last reviewed?
Do we have an information security officer in each department?
Are people punished for breaching our information security policy?
Do we have a chief information security officer?
Does our website present the list of our contractors and business suppliers?
Can our security guards identify information assets? E.g. do our security guards know what a hard disk is or looks like?
Are our e-mails digitally signed?
Can we verify the authenticity of a caller? E.g. a caller to a bank: "Please transfer 200,000 from my account to this account number ......"
Do we have an information disclosure policy in place?
Is our secretary aware of the information she should not give out?
Do we have an information disposal policy in place, i.e. what type of information is thrown into the dustbin?
Can our customers differentiate between our website and an illegal copy of our website?
Who is responsible for the enforcement of policies in our organization?
Can we beat our chest and say that our customers are not the weakest link in the information security plan of our organization? E.g. can we confidently ask 10 customers the URL address of the company? Would they get it right?
Have we recently disengaged any of our staff who assisted in developing an in-house application?
Have we disabled all default passwords and usernames of vendor applications?
Do we have an information classification policy in place?
Have we disabled the usernames and passwords of all disengaged staff or students that came for industrial training (IT)?
Do we immediately install operating system patch updates?
Are we regularly aware of newly released patches by software vendors?