

14. A - - -

At least two generations of backup shall be kept.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

15. - B C D

At least three generations of backup shall be kept.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

16. A B C D

Surplus output material should be destroyed and sensitive information shall be shredded or destroyed in some other manner that ensures security.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

17. A B C D

Forms used for training and testing should be specially identified, in particular regarding payment routines.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

18. - B C D

Output that includes sensitive information should be stored in locked cupboards before distribution.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

19. A B C D

Users shall be reminded yearly, through training or campaigns, about their responsibility for EDP security.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

20. A B C D

Passwords shall be individual, secret, and difficult to guess.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

21. A - - -

Access to a PC system shall require either a password or the unlocking of a physical lock.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

22. - B - -

A combination of at least user identity and password shall be required to authorize the use of the system.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

23. - - C D

User identity and password shall be used for authorization to specified objects (resources). This also implies access to SPOOL files.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

24. - - C D

In certain cases, such as the work of the security officer, a combination of user identity and password shall give authorization for transactions to be handled on a specified terminal.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

25. A B C D

Standard passwords installed by the supplier shall be altered before using the system.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

26. - B C D

The passwords shall be changed every second or third month. Reuse of old passwords shall not be allowed.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

27. A B C D

User identity, including passwords, shall be deleted promptly when employees leave the company.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

28. - B C D

For emergency and backup purposes, the security officer’s password shall be kept in a secure area. Access to the password should be allowed only in an emergency situation.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

29. - B C D

After three attempts with illegitimate combinations of user identity and password, further attempts shall automatically be prevented.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

30. A B C D

When leaving the terminal for more than a short period, the user shall log off the terminal or set it in a standby position, where a new log-on is required.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

31. - - C D

As a support to the users, the following functions should be installed where possible. After a certain time (20-30 minutes) with no work at the terminal, it should automatically be set in a standby position or be shut off. Further use of the terminal should require a new sign-on procedure.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

32. A - - -

For virus protection, diskettes or files from unknown sources (especially games) shall not be used.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

33. A - - -

To protect confidential information, one of the following methods shall be used.

1.  Data shall be stored on diskettes that are kept under lock and key.
2.  If data is stored on a hard disk, a security system shall be implemented. It shall have functions for password security and hard disk encryption, and it shall prevent booting from diskettes.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

34. - B C D

For file transfer data communication, the available password functions shall be used. A receipt shall be issued and sent back when a file has been received and stored.

YES _____ NO _____ N/A _____
____________________________________________________________
____________________________________________________________

