#let gold = rgb("#ffc500") #set text(font: "Calibri") #let gradient_fill = ( color.hsl(230deg, 60%, 20%), color.hsl(225deg, 60%, 15%), color.hsl(220deg, 60%, 15%), color.hsl(220deg, 60%, 15%), color.hsl(220deg, 60%, 15%), color.hsl(220deg, 60%, 15%), color.hsl(210deg, 60%, 15%), color.hsl(210deg, 80%, 20%), ) #let shieldnet_font = "IBM Plex Sans" #set page( margin: (x: 2cm, top: 3cm, bottom: 1cm), header: context if here().page() > 1 { align( center + horizon, box( width: page.width, height: 100%, fill: gradient.linear(..gradient_fill), [ #place(left + horizon, dx: +page.margin.left)[ #text( size: 1.1em, fill: gold, font: shieldnet_font, weight: "black", )[SHIELDNET CYBERSECURITY], #text(size: 1.1em, fill: white)[Cybersecurity Audit Checklist], ] #let icon_size = 45% #place( right + horizon, dx: -page.margin.right, box( baseline: icon_size, image( "./assets/shieldnet-logo-7.svg", height: icon_size, fit: "contain", ), ), ) ], ), ) }, footer: context if here().page() > 1 { text( size: 0.8em, fill: color.luma(35%), [ ShieldNet Cybersecurity #h(1fr) #{ here().page() - 1 } #align( center + bottom, block( width: page.width, height: 30%, fill: gradient.linear(..gradient_fill), ), ) ], ) }, ) // COVER PAGE #set page(background: context if here().page() == 1 { box( fill: gradient.linear(angle: 60deg, ..gradient_fill), width: 100%, height: 100%, ) place( top + center, rect( width: 100%, height: 100%, fill: pattern( size: (18pt, 18pt), place( dy: 3pt, dx: 1pt, circle( radius: 3.5pt, fill: blue.darken(65%), ), ), ), ), ) let globe = read("./assets/globe-thick.svg").replace( "#000000", blue.darken(40%).to-hex(), ) place( bottom + right, dy: 70pt, dx: 120pt, rotate(-20deg, image.decode(globe, height: 600pt)), ) let darken_amount = 30% place( top + right, stack( dir: btt, ..{ let rect_height = 30pt ( rect( width: 50pt, height: rect_height, fill: red.darken(darken_amount), ), rect( width: 75pt, height: rect_height, fill: gold.darken(darken_amount), ), rect( width: 100pt, height: rect_height, fill: blue.darken(darken_amount), ), ) }, ), ) place( horizon + left, rect( fill: blue.darken(darken_amount), height: 100%, width: 8pt, ), ) }) #context { let icon_size = 36pt place( left + top, align( horizon, grid( columns: 2, column-gutter: 5pt, image( "./assets/shieldnet-logo-7.svg", height: icon_size, fit: "contain", ), text( size: 1.6em, font: shieldnet_font, fill: gold, weight: "black", )[SHIELDNET\ CYBERSECURITY], ), ), ) place( center + horizon, box( width: page.width, text( font: "Roboto", size: 5em, fill: blue.lighten(75%), weight: "black", )[Cybersecurity Audit Checklist], ), ) place( left + bottom, dy: +2%, text( size: .75em, fill: white, style: "italic", )[ShieldNet Cybersecurity _|_ Prepared for NARO, Inc.], ) } #pagebreak() // Actual Content #let sec(title, subtitle, ..checklist_items) = { let inset = (x: 8pt, y: 5pt) [ #block( inset: inset, radius: 100%, fill: gold, text( font: "Roboto", fill: black, size: 1.3em, tracking: .1pt, weight: "black", )[= #title], ) #v(-.75em) #block( inset: (right: 6pt, bottom: 6pt), stroke: (right: .6pt, bottom: .6pt), radius: 5pt, )[ #box( width: 100%, inset: inset, radius: 100%, fill: rgb("#00265E"), text(fill: white, weight: "bold", size: 1.2em)[#subtitle], ) #align( center, text( size: 1.1em, table( columns: (5%, 90%), stroke: (_, y) => if y > 0 { (top: 0.6pt) }, align: left, ..checklist_items ), ), ) ] ] } #sec( "IDENTIFY", "RISK AWARENESS, MANAGING ASSETS, RISK MANAGEMENT STRATEGY", [☐], [Do you maintain an updated inventory of IT assets?], [☐], [Are guests properly identified when visiting a business location?], [☐], [Do you conduct background checks for new staff and external contractors?], [☐], [Do you require individual accounts for each employee?], [☐], [Are employees familiar with company policies on information security?], [☐], [Have you evaluated which users require access to an administrator account on their computer?], [☐], [Do you utilize session locks when a user is away from their computer?], [☐], [Do you use a badge-in system to restrict access to the physical business and other business locations?], ) \ #sec( "PROTECT", "TRAINING, ACCESS CONTROL, DATA SECURITY", [☐], [Do you conduct cybersecurity awareness training for employees?], [☐], [Do you regularly patch/update operating systems and software?], [☐], [Do you require two factor or multi factor authentication (2FA/MFA) for all logins?], [☐], [Do you employ full disk encryption on your systems?], [☐], [When you dispose of a system, do you ensure the data is securely wiped?], [☐], [Do you use a virtual private network (VPN) for out of office connections?], [☐], [Do you have firewalls in place to secure business networks?], [☐], [Do you change the default password for WiFI and/or other networks?], [☐], [Do you utilize anti-virus/anti-malware on your systems?], [☐], [Do you enforce a minimum password complexity?], ) \ #sec( "DETECT", "MONITORING, THREAT ANALYSIS, VERIFICATION", [☐], [Do you employ an Intrusion Detection System (IDS)?], [☐], [Are all personal devices used for work protected with security software and encryption?], [☐], [Are you running regular vulnerability scans? (E.g. using Nessus)], [], [How often do you audit existing user accounts? (Never, Daily, Weekly, Monthly, Annually, Other) \ #box(fill: luma(220), height: 2em, width: 100%)[]], [☐], [Do you collect any logs?], [☐], [If you do collect logs, do you monitor them?], [], [If you do collect logs, how long do you retain them?\ #box(fill: luma(220), height: 2em, width: 100%)[]], [☐], [Are physical devices and sensitive physical areas monitored?], [☐], [Do you conduct any audits for unusual employee behaviors? (e.g. checking for employees regularly logging in outside of business hours)], ) \ #sec( "RESPOND", "RESPONSE PLANNING, DISASTER MITIGATION, COMMUNICATION", [☐], [Do you have dedicated cyber security staff?], [☐], [Do you have a internal process for raising concerns about potential cyber incidents?], [☐], [Are you able to quickly lock down physical locations during a crisis?], [☐], [Have you determined when it may be necessary to include law enforcement in your disaster response?], [☐], [Are you able to alert users if you suspect their information may have been stolen?], [☐], [Are you prepared to respond to an environmental crisis that may impact your ability to continue normal business operations?], [☐], [Are you able to quickly quarantine any computer that is identified as compromised?], [☐], [Are employees aware of their responsibilities in the event of a security incident?], ) \ #sec( "RECOVER", "RECOVERY PLANS, CONTINUOUS IMPROVEMENTS", [☐], [Do you create full backups?], [☐], [If you do create backups, do you encrypt them?], [], [If you do create backups, how often do you test restoring from them? (Never, Daily, Weekly, Monthly, Annually, Other)\ #box(fill: luma(220), height: 2em, width: 100%)[]], [☐], [If you do create backups, do you keep at least 3 copies, on at least 2 different media types (e.g. a hard drive and a tape drive), and have at least 1 copy stored offsite (outside of your business)?], [☐], [Do you have a formal method or process for improving cybersecurity regularly?], [☐], [In the event of hardware failure, do you have a way to restore function? E.g. router failure.], [☐], [Are you currently enrolled in a Cyber Insurance program?], [☐], [Do you know how long it would take to carry out your recovery plan after an incident?], )