IT Security Questions You Should Be Asking
The following are questions that Deans, Directors, Chairs and Administrators should be asking their IT staff about IT security.
How are we protecting our infrastructure?
Physical
Have we assessed the physical security needs of our critical systems?
What is our strategy for protecting desktops, laptops, servers, and network (layers)?
Do we have "Defense in Depth"?
Who has responsibility for home machines/telecommuting?
What other Internet-connected devices do we have, and who has responsibility for them?
If we have a wireless network, do we use secure protocols, such as a virtual private network (VPN) and secure sockets layer (SSL)?
Do we have an inventory of our equipment?
Is the location of our installation CDs and back-up tapes recorded? Where?
Software
Are our computers protected by antivirus software? Protected from malware?
Are our computer operating systems current with patches?
Do staff use strong passwords?
How is remote access secured?
Can we rapidly and securely rebuild a system when necessary?
How are we protecting our data?
Have we segregated our data into the categories of confidential, internal use only, and public?
Do we have any compliance requirements? (GLBA, FERPA, SEVIS, etc.)
Who is our data custodian?
Are we using secure FTP (File Transfer Protocol)?
Are we following data retention and disposal requirements?
Do we have a back-up strategy?
Do we have access controls to our data and services (including new hires and departures)?
Do we have policies for strong passwords, logging off, administrative rights, and personal use of university equipment?
Is our Unit Computing Specialist/Manager kept current about potential IT and/or personnel changes?
Do we have adequate resources?
Is the Dean/Director aware of IT staff duties and skills?
Is IT included in the budget process?
How do we manage potential IT purchases?
Is our Unit Computing Specialist/Manager consulted on IT purchases?
How do we manage training resources for IT staff?
What are our short and long-term IT security goals?
Are our service level agreements with third parties being met?
Do we have an incident response plan?
Do we have a vulnerability scanning account? Do we resolve vulnerabilities in a timely manner?
Do we have an IT security plan? If so, are we reviewing it annually?
What is the level of security awareness among personnel?
Do we have a security awareness training plan for employees?