download

1. Review the organization chart and evaluate the established procedures for adequacy in defining responsibilities in the security administration area. Implement general control (provision for general authorization over the execution of transactions, e.g., prohibiting the IT department from initiating or authorizing transactions) and COBIT objective (position descriptions clearly and delineate both authority and responsibility).

Download free Business Impact Analysis Template. Business impact analysis (BIA) is an essential component of an organization's business continuance plan; it includes an exploratory component to reveal any vulnerabilities, and a planning component to develop strategies for minimizing risk.

Download free Firewall Security Checklist for ISO 17799. This firewall covering activity such as:
1. Wireless networking is not secure enough to be used in a production environment that requires high security or involves confidential data.
2. Obtain a copy of the Wireless networking policies and procedures document.

Critical infrastructures are important to the national interest and people’s everyday life. US National Strategy for Homeland Security has identified 14 areas for critical infrastructure protection. Some of them are information and telecommunication, food energy, water, transportation, finance and banking, emergency services, chemical industry, public health, power grid etc. At the heart and soul of nearly every one of these critical infrastructures is the SCADA (supervisory, control, and data acquisition) system. Therefore, the security of the SCADA system has become a central issue. Unfortunately current security technologies deployed in the SCADA system have many flaws accompanied by endless break-in reports.

Directories are public or private stores containing essential identifying information typically used in daily enterprise activities. Many application providers capitalize on directories offering integration into existing directories to extend their application’s functionality. Network operating systems also house vital network information, such as users and computers, within directories.

Lightweight Directory Access Protocol (LDAP) is a directory standard founded on the legacy X.500 directory. LDAP’s initial implementations provided gateway services between X.500 directory servers and clients. While LDAP was initially created to meet this requirement, it became clear that a parting from the cumbersome X.500 directory standard was needed to simplify deployments. In 1994, LDAP was transformed into a directory specification with its own database and structuring conventions.