checklists/auditing within the IT department (3)

["Erwin L. Carrow" <erwin.carrow () USG EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For those interested in "checklists/auditing within the IT department"
please contact me directly.  Information follows

- --
Erwin (Chris) Louis Carrow,
CISSP, INFOSEC, CSSP, CCNP, OCM
IT Auditor II
Board of Regents, University System of Georgia
270 Washington Street S.W., Ste. 7087
Atlanta, GA 30334
(404)657-9890 Office, (678)644-3526 Cell, Email: erwin.carrow () usg edu


SECURITY automatic digest system wrote:
> Date:    Wed, 10 Dec 2008 14:41:19 -0600
> From:    "Youngquist, Jason R." <jryoungquist () CCIS EDU>
> Subject: checklists/auditing within the IT department
>
> I'm looking for any recommendations on books or documents for
> auditing/best practices within one's IT department. =20
>
> Our department is broken up into 5 sections:
> Data Services - support the student information system - by programming
> and system support
> Web Services - program web applications & work on databases
> Network Services - physical security, networking gear (routers,
> firewalls, switches, etc.) servers (Windows, Linux, and a number of
> different applications), and VOIP services
> End User Support - purchase, deploy, and fix desktop computer-related
> issues
> Helpdesk/Computer Lab - provide support to customers and student
> computer lab(s).
>
> I'm looking for a number of questions/checklists/best practices to ask
> individuals in each section of the department.  The goal is to come up
> with a list of questions/checklists so each week I'll talk to an
> individual from each section of the department and ask them a few
> questions (from a long list of questions from their particular area) in
> order make sure things are working properly, security is being followed,
> and determine if there are any issues that need to be addressed.
>
> Here are some example questions:
> Generator XYZ - does a self-check happen?  If so, when?  Has the
> self-check been successful?
> Servers - Which servers are being backed up?  Are there new servers
> which haven't been added to the tape backup schedule yet?
> Servers - When was the last time a file restore was done?  Was it
> successful?
> Inventory - When was the last time a computer inventory was done?  Where
> is it located?
> VOIP - What steps are being taken to reduce/eliminate toll fraud,
> eavesdropping, caller-id spoofing, denial of service, etc.
> Web - Is there an inventory of web applications?  If so, where is it
> located?
> Web - Is there a document of coding best practices?  If so, where is it
> located?
>
>
> I've been doing some googling and brainstorming, but appreciate any
> additional information.
>
>
> Thanks.
> Jason Youngquist
> Information Technology Security Engineer
> Technology Services
> Columbia College
> 1001 Rogers Street, Columbia, MO  65216
> (573) 875-7334
> jryoungquist () ccis edu
> http://www.ccis.edu
> =20
>
> ------------------------------
>
> Date:    Wed, 10 Dec 2008 14:40:15 -0700
> From:    "Basgen, Brian" <bbasgen () PIMA EDU>
> Subject: Re: checklists/auditing within the IT department
>
>  Sounds like you are looking for some governance frameworks like COBIT
or I=
> SO 27001.
>
> ~~~~~~~~~~~~~~~~~~
> Brian Basgen
> Information Security
> Pima Community College


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFJQPZb+lAww4pSzJURAhZKAJ99ST/zFvA5m81ffT8Qimg+VY/ijACXcM/f
GHBQRdVM/B2XGNiV4tyNUA==
=Ofha
-----END PGP SIGNATURE-----

Attachment: erwin_carrow.vcf
Description: