
Security Checklist

Viruses and other potentially damaging programs continue to shoot around the Internet like stars in a planetarium gone haywire. Here’s a checklist of a dozen “important-to-have” items. We invite you to use this checklist to make sure that you’ve got reasonable protection. If you don’t have each of these in place, you’re in good company. We urge you strongly to modify this list to fit your agency, and to use it either on your own or with the help of a qualified consultant.

Item

Frequency

1. Antivirus software installed and updating on all servers and workstations – The need for antivirus software is clear. You can get discounted software from http://www.techsoup.org.

Weekly updates

2. Windows and Office software patched and up to date on all servers and workstations – Visit http://www.windowsupdate.com and follow the instructions there to download all patches and fixes. Be aware that this can take a lot of time for each computer!

Monthly or as needed

3. All data (server, laptop, etc.) backed up daily and taken offsite periodically – Note that even on networked systems some data (laptop data, email, and Internet favorites) are usually stored on workstations; you’ve got to back that stuff up too!

Daily

4. Firewall installed and tested, patches up to date – Many inexpensive internet connection devices claim to be firewalls but offer limited protection. Corporate networks need true firewalls, so check with an expert to ensure that you’re protected.

Annual review & update

5. Physical access to computers, disks, printers, etc. controlled – We all like open, comfortable offices, but that can give unauthorized users access to computers that are fully logged in and usable. Reception area and public access computers are especially vulnerable.

6. Passwords changed periodically, including screen savers – Passwords get shared, written down, and otherwise compromised. Change twice a year despite the wretched inconvenience of this task.

Every 6 months

7. Disaster recovery plan in place – Flood and fire are rare, but thefts and system failures are distressingly common. How would your organization get back up and running if an extraordinary problem occurred? You need a plan and need to update it as your systems change.

8. Support and coverage – Do users have someone to call if they believe they’ve run into a security problem? Do they feel comfortable doing so, or afraid of being blamed?

Annual review

9. Content filtering in place and updated – Most organizations need to protect themselves from offensive material. Install and update a product that protects and documents your agency’s access.

Monthly updates

10. Media and reports stored or destroyed – Users can be extremely casual when disposing of CDs, disks, and even reports. Encourage caution with all computer output!

Annual reminder

11. Spyware protection used and updated regularly – Use Spybot, Ad-Aware, or some other software to control spyware. Use self-updating software if possible.

Monthly updates

12. Acceptable use policy – Every person, when given rights to use your system, should read and sign a policy that outlines all of the above, plus agency-specific guidelines. A person can’t comply with policies s/he has never seen!

Annual policy update


Prepared by Baird Associates, Inc., and presented here with their permission.
http://www.bairdassociates.com



This information last reviewed 11/26/2003



ValleyNet 58 North Main Street, PO Box 486, White River Junction, VT 05001
Voice 802 359-4162  |  Fax 802 359-4164