170 lines
5.1 KiB
Plaintext
170 lines
5.1 KiB
Plaintext
#show link: set text(blue)
|
|
#set page(margin: (y: .5in))
|
|
#set text(font: "Calibri", size: 12pt)
|
|
|
|
|
|
#let solve(solution) = [
|
|
#let solution = align(
|
|
center,
|
|
block(
|
|
inset: 5pt,
|
|
stroke: blue + .3pt,
|
|
fill: rgb(0, 149, 255, 15%),
|
|
radius: 4pt,
|
|
)[#align(left)[#solution]],
|
|
)
|
|
#solution
|
|
]
|
|
#align(
|
|
center,
|
|
block(
|
|
inset: 10pt,
|
|
width: 100%,
|
|
stroke: blue + 1pt,
|
|
fill: rgb(0, 149, 255, 15%),
|
|
radius: 4pt,
|
|
text(rgb(0, 149, 255), size: 1.5em, [= Orion Technologies\ Cybersecurity Compliance Checklist]),
|
|
),
|
|
)
|
|
|
|
#align(center)[#box(
|
|
inset: 5pt,
|
|
radius: 4pt,
|
|
width: 60%,
|
|
stroke: green + .5pt,
|
|
fill: rgb(0, 200, 100, 15%),
|
|
text(green, [== Identify (9 Questions)]),
|
|
)]
|
|
#align(center, line(length: 80%, stroke: green))
|
|
#table(
|
|
inset: (
|
|
x: 15pt,
|
|
),
|
|
columns: (auto, auto),
|
|
table.header(
|
|
[*Questions*],
|
|
[*Response (Yes, No, Short Answer)*],
|
|
),
|
|
|
|
[Do you utilize session locks when a user is away from a computer and if so, is the lock triggered by a timer or proximity?],
|
|
[],
|
|
|
|
[Do you conduct background checks on new employees?], [],
|
|
[Do you require employees to sign an acceptable use policy for computer systems?],
|
|
[],
|
|
|
|
[Do you have a bring your own device policy?], [],
|
|
[Do you have a badge in system to enter any physical office?], [],
|
|
[Are there any shared accounts used by multiple employees?], [],
|
|
[Do you require individual accounts for each employee?], [],
|
|
[Do any non-IT of your users to have admin on their computers?], [],
|
|
[Do you have centralized control over all your computers? (If you don't know, answer no.)],
|
|
[],
|
|
)
|
|
#align(center)[#box(
|
|
inset: 5pt,
|
|
radius: 4pt,
|
|
width: 60%,
|
|
stroke: green + .5pt,
|
|
fill: rgb(0, 200, 100, 15%),
|
|
text(green, [== Protect (16 Questions)]),
|
|
)]
|
|
#align(center, line(length: 80%, stroke: green))
|
|
#table(
|
|
inset: (
|
|
x: 15pt,
|
|
),
|
|
columns: (auto, auto),
|
|
table.header(
|
|
[*Questions*],
|
|
[*Response (Yes, No, Short Answer)*],
|
|
),
|
|
|
|
[Do you conduct any computer system or cybersecurity awareness training for employees?],
|
|
[],
|
|
|
|
[Can a single employee both initiate and approve a transaction?], [],
|
|
[Do you enforce a minimum password complexity for accounts?], [],
|
|
[Are you using a password manager to manage logins for websites and services?],
|
|
[],
|
|
|
|
[Do you use two factor authentication (2FA/MFA) for all logins?], [],
|
|
[If a password change occurs, do you allow users to reuse old password?], [],
|
|
[When a user updates their password, do you check it against commonly known vulnerable passwords? (e.g. against https://haveibeenpwned.com/)],
|
|
[],
|
|
|
|
[Do you use surge protectors and uninterruptible power supplies (UPS)?], [],
|
|
[Do you regularly update your software and operating systems?], [],
|
|
[Do you use full disk encryption on computer systems?], [],
|
|
[Do you change the default passwords for WiFi or other networks?], [],
|
|
[Do you enable guest networks?], [],
|
|
[Do you use a virtual private network (VPN) for out of office connections?],
|
|
[],
|
|
|
|
[Have you set up any email filtering (e.g. checking for spam)?], [],
|
|
[Do you block any websites?], [],
|
|
[When you dispose of a system, do you ensure the data is securely wiped?], [],
|
|
)
|
|
|
|
#align(center)[#box(
|
|
inset: 5pt,
|
|
radius: 4pt,
|
|
width: 60%,
|
|
stroke: green + .5pt,
|
|
fill: rgb(0, 200, 100, 15%),
|
|
text(green, [== Detect (8 Questions)]),
|
|
)]
|
|
#align(center, line(length: 80%, stroke: green))
|
|
#table(
|
|
inset: (
|
|
x: 15pt,
|
|
),
|
|
columns: (auto, auto),
|
|
table.header(
|
|
[*Questions*],
|
|
[*Response (Yes, No, Short Answer)*],
|
|
),
|
|
|
|
[Do you utilize anti-virus programs?], [],
|
|
[Do you use a firewall with an Intrusion Detection System (IDS)?], [],
|
|
[How often do you audit existing user accounts? (Never, Daily, Weekly, Monthly, Other)],
|
|
[],
|
|
|
|
[Are running regular vulnerability scans? (e.g. using #link("https://www.tenable.com/products/nessus", "Nessus"))],
|
|
[],
|
|
|
|
[Do you collect any logs?], [],
|
|
[If you do collect logs, do you monitor them?], [],
|
|
[If you do collect logs, how long do you retain them?], [],
|
|
[Do you conduct any audits for unusual employee behaviors? (e.g. regularly logging in outside of business hours)],
|
|
)
|
|
#align(center)[#box(
|
|
inset: 5pt,
|
|
radius: 4pt,
|
|
width: 60%,
|
|
stroke: green + .5pt,
|
|
fill: rgb(0, 200, 100, 15%),
|
|
text(green, [== Respond & Recover (7 Questions)]),
|
|
)]
|
|
#align(center, line(length: 80%, stroke: green))
|
|
#table(
|
|
inset: (
|
|
x: 15pt,
|
|
),
|
|
columns: (auto, auto),
|
|
table.header(
|
|
[*Questions*],
|
|
[*Response (Yes, No, Short Answer)*],
|
|
),
|
|
|
|
[Do you have a plan in the case of a Cybersecurity incident?], [],
|
|
[Do you create complete backups?], [],
|
|
[Do you currently have any type of cyber insurance?], [],
|
|
[If you do create backups, do you encrypt them?], [],
|
|
[If you do create backups, how often? (Daily, Weekly Monthly)], [],
|
|
[If you do create backups, do you keep at least *3* copies, on at least *2* different media types (e.g. a hard drive and a tape drive), and at least *1* copy offsite (outside your office)?],
|
|
[],
|
|
|
|
[If you do create backups, do you test restoring from those backups?], [],
|
|
)
|