security

Unauthorized Signal Detection And Information Loss Vulnerability Assessment Checklist

1. Is the signal energy mechanical or electromagnetic? Sound energy is mechanical, whereas radio frequency/microwave and optical/laser transmissions are electromagnetic.

2. What is the signal carrier frequency and bandwidth? The bandwidth of speech ranges from 20 Hz to 20 kHz, but radio frequency transmitter frequencies can vary tremendously depending on the device. The power of the radiated signal is an important factor in estimating vulnerability to unauthorized signal detection that potentially leads to information loss.

3. What are the intervening materials between the signal source and the receive location? Recognize that signals often take multiple indirect routes in arriving at a destination. Understanding the effect of materials as a function of signal frequency will enhance the accuracy of estimates of the vulnerability component of risk.

Security Clearance Levels in the United Kingdom

There are different levels of clearance that individuals are subject to depending on the nature, sensitivity, and duration of access to information, assets and personnel.

Basic Check
A basic check (BC) is not a formal security clearance. It provides only a basic level of assurance about the trustworthiness and integrity of individuals whose work may involve access to CONFIDENTIAL assets or information. For individuals who will definitely be working with protectively marked data, a higher clearance is usually sought. The check is carried out by reviewing official identity documents and sometimes references. The goal of a BC is to verify the following:
- Identity
- Signature
- Address
- Employment history
- Education.

Counter-Terrorism Check

IT Security Plan Template

A. APPLICATION/SYSTEM IDENTIFICATION


A.1 Application/System Category
- Indicate whether the application/system is a Major Application or a General Support System.
- A Major Application is "an application that requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application."
- A General Support System is an "interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people."

Sarbanes Oxley SOX 404 IT General Control Test Plan Templates Free Download

- Obtain a copy of the organization’s SDLC methodology.

- Review the methodology to determine that it addresses security, availability and processing integrity requirements.

- Review the organization’s SDLC methodology to determine if it considers both the development and acquisition of new systems and major changes to existing systems.

- Review the methodology to determine if it addresses application controls.

Why we need to implement User Naming Convention based on ISO27001

All user accounts in use within the organization should be domain accounts and not local accounts held on each workstation's local user account database. The benefits of implementing a standard user naming convention are:

1. Enable the administrator of the domain to better manage, support and secure the user accounts.
2. Facilitate ease of management and support.
