

35. A B C D

For interactive data communication, the security measures items 20-32 shall be included.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

36. A B C D

The use of encryption should be decided jointly by the personnel responsible for security at the sending and the receiving companies. Their feasibility study shall include sensitivity of data, risks, and costs. Before deciding on encryption, corporate approval must be obtained.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

37. A B C D

For synchronous communication, the identities shall be unique.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

38. A B C D

Dial-up asynchronous communication, X21 and X25, must be specially secured against unauthorized access. The following methods may be used:

1.  Call back, so that the final connection is always established from the minicomputer or the mainframe (not from a personal computer).
2.  Dynamic passwords, changed each time the communication is used (this requires some special hardware).
3.  Encryption. Before deciding on encryption, corporate approval must be obtained.

Direct access to data with a simple password as the only security measure is not suitable.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

39. A B C D

For each application where data communication is being used, fallback alternatives to the communication and its routines shall be developed and tested.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

40. - B C D

Investigations have shown that the risk of loss is as great in the area of swindle and sabotage as it is for fire and water damage. In light of these facts, the background of those who will be employed in sensitive positions should be carefully checked.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

41. A B C D

The employment agreement for IT personnel should include a paragraph stating, “Programs made in working hours or otherwise made for the employer are the property of the employer and cannot be sold or given away without written permission from the employer.”

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

43. - - C D

A logbook of disturbances shall be kept. It should contain the time when the disturbance was discovered, the kind of disturbance and where it occurred, the time for notification of error, and the time when the system was working again.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

44. - - C -

A contingency plan should be worked out and kept updated.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

45. - - - D

A contingency plan must be worked out and kept updated.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

46. - - C D

The computer installations should have insurance against fire. Water and extra cost insurance is often recommended. For leased equipment, check whether the leasing company or the Group company is responsible for taking out the insurance policy.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

47. A B C D

Complete system and operation documentation shall be kept up to date. One copy of it shall be kept in a fireproof place.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

48. - B C D

Before putting a new system or a new version into production, a thorough test shall be carried out. This

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

49. - - C D

A test system or a test company should be installed, so that tests and education will not affect the production environment.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

50. A B C D

Methods shall be applied to ensure that all allowed input, and nothing else, is entered into the system. Such methods are automatic checking of batch sums or serial numbers, and split input by two clerks followed by a comparison between the two input files.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

51. A B C D

Quality checks of data entry shall be used, such as check digits, format, and reasonableness checks, combination controls, matching checks, and batch totals.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________
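
The input controls named in items 50 and 51 (batch sums, serial numbers, split input by two clerks, check digits, reasonableness checks) can be sketched in code as follows. This is an added example, not part of the original checklist. The record layout (serial, account, amount), the function names, and the amount limit are hypothetical; the checklist does not name a check-digit scheme, so Luhn is used here as an assumption; the sample batch is constructed.

```python
from decimal import Decimal

def luhn_ok(number: str) -> bool:
    """Check-digit test. Luhn is an assumed scheme, chosen for illustration."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def compare_keyings(a, b):
    """Split input: serials whose two independent keyings disagree or are missing."""
    rec_a = {r[0]: r for r in a}
    rec_b = {r[0]: r for r in b}
    return sorted(s for s in rec_a.keys() | rec_b.keys()
                  if rec_a.get(s) != rec_b.get(s))

def check_batch(header, records, max_amount=Decimal("10000")):
    """Batch controls: record count, batch total, serial sequence, field checks."""
    findings = []
    if len(records) != header["count"]:
        findings.append("count mismatch")
    if sum((r[2] for r in records), Decimal("0")) != header["total"]:
        findings.append("batch total mismatch")
    first = header["first_serial"]
    if [r[0] for r in records] != list(range(first, first + header["count"])):
        findings.append("serial number gap or duplicate")
    for serial, account, amount in records:
        if not luhn_ok(account):
            findings.append(f"{serial}: check digit failed")
        if not Decimal("0") < amount <= max_amount:   # reasonableness check
            findings.append(f"{serial}: amount unreasonable")
    return findings

# Constructed sample: batch header from the originating department,
# and the same batch keyed independently by two clerks.
HEADER = {"count": 3, "total": Decimal("1350.75"), "first_serial": 1001}
CLERK_A = [(1001, "79927398713", Decimal("100.50")),
           (1002, "4539578763621486", Decimal("250.25")),
           (1003, "79927398713", Decimal("1000.00"))]
CLERK_B = [(1001, "79927398713", Decimal("100.50")),
           (1002, "4539578763621486", Decimal("520.25")),  # digits transposed
           (1003, "79927398713", Decimal("1000.00"))]

if __name__ == "__main__":
    print(compare_keyings(CLERK_A, CLERK_B), check_batch(HEADER, CLERK_B))
```

The keying error in the second file is caught twice: by the comparison of the two input files and by the batch total, while a mistyped account number is caught by the check digit.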

