checklist
List of Information System Logs Required During a Security Assessment
1. Authentication server or system logs may include successful and failed authentication attempts.
2. System logs may include system and service startup and shutdown information, installation of unauthorized software, file accesses, security policy changes, account changes (e.g., account creation and deletion, account privilege assignment), and privilege use.
3. Intrusion detection and prevention system logs may include malicious activity and inappropriate use.
IT Project Risk Management Checklist
Download the free IT Project Risk Management Checklist. This project risk register can also be used as part of What Could Go Wrong (WCGW) identification during the project risk management cycle.
Schedule creation
- Schedule, resources, and product definition have all been dictated by the customer or upper management and are not in balance.
- Schedule is optimistic, ‘best case’, rather than realistic, ‘expected case’.
- Schedule omits necessary tasks.
- Schedule was based on the use of specific team members, but those team members were not available.
- Cannot build a product of the size specified in the time allocated.
- Product is larger than estimated (in lines of code, function points, or percentage of previous project’s size).
- Effort is greater than estimated (per line of code, function point, module, etc.).
- Re-estimation in response to schedule slips is overly optimistic or ignores project history.
- Excessive schedule pressure reduces productivity.
- Target date is moved up with no corresponding adjustment to the product scope or available resources.
- A delay in one task causes cascading delays in dependent tasks.
- Unfamiliar areas of the product take more time than expected to design and implement.
Download Free Due Diligence Checklist Templates

A- Identification of the Company
1. Corporate name
2. Address
3. Mailing address
4. Main telephone number
5. Main telecopier number
6. Main e-mail address
7. Other (specify):
B- Identification of the Authorized Representative
8. Salutation (Mr., Ms.)
9. Representative's first name
10. Initial(s)
11. Representative's family name
12. Position held
13. Telephone number (direct line)
14. Telephone number (general)
15. Mobile telephone number
16. Pager number
17. Telecopier number
18. E-mail address (office)
19. Telephone number (residence)
20. E-mail address (residence)
21. Other (specify):
Cloud Computing IT Security Control Objectives
Download Free Cloud Computing IT Security Control Objectives

Asset management, access control
Data protection/segregation/encryption
- To provide logical segregation of CSP customers’ data
- To enable customer classification of sensitive data
- To enable protection of data commensurate with risk and defined information classifications
Information systems acquisition, development, and maintenance
Encryption standards
- To enable encryption of sensitive data using consistent mechanisms
- To enable access to current and archived data regardless of which keys were used for encryption
Communications and operations management
Gramm Leach Bliley Act (GLBA) Compliance Risk Assessment Templates for Banking and Financial Institution

Download Free GLBA Compliance Risk Assessment Templates for Banking and Financial Institution.
Administrative Safeguards
1) Do you check references prior to hiring employees who will have access to customer information?
2) Do you ask every new employee to sign an agreement to follow your organization's confidentiality and security standards for handling customer information?
3) Do you train employees to take basic steps to maintain the security, confidentiality and integrity of customer information, such as:
a. locking rooms and file cabinets where paper records are kept;
b. using password-activated screensavers;