- When was our information security policy last reviewed?
- Do we have an information security officer in each department?
- Are people punished for breaching our information security policy?
- Do we have a chief information security officer?
- Does our website present the list of our contractors and business suppliers?
- Can our security guards identify information assets? E.g. do our security guards know what a hard disk is or looks like?
- Are our e-mails digitally signed?
- Can we verify the authenticity of a caller? E.g. a caller to a bank: "Please transfer 200,000 from my account to this account number ......"
- Do we have an information disclosure policy in place?
- Is our secretary aware of the information she should not give out?
- Do we have an information disposal policy in place? I.e. what type of information is thrown into the dustbin?
- Can our customers differentiate between our website and an illegal copy of our website?
- Who is responsible for the enforcement of policies in our organization?
- Can we beat our chest and say that our customers are not the weakest link in the information security plan of our organization? E.g. can we confidently ask 10 customers for the URL of the company? Would they get it right?
- Have we recently disengaged any of our staff who helped develop an in-house application?
- Have we disabled all default passwords and usernames of vendor applications?
- Do we have an information classification policy in place?
- Have we disabled the usernames and passwords of all disengaged staff or students who came for industrial training (IT)?
- Do we immediately install operating system patch updates?
- Are we regularly aware of newly released patches by software vendors?