college/Fall-2024/CS-3113/Group-Project/3-Audit-Checklist/Checklist.typ


// Brand accent colour: used for the company wordmark, the section title
// blocks and one of the cover-page stripes.
#let gold = rgb("#ffc500")
// Default body font for the document.
#set text(font: "Calibri")
// Colour stops (dark blues) shared by every linear gradient in this file:
// the running header band, the footer bar and the cover-page background.
#let gradient_fill = (
color.hsl(230deg, 60%, 20%),
color.hsl(225deg, 60%, 15%),
color.hsl(220deg, 60%, 15%),
color.hsl(220deg, 60%, 15%),
color.hsl(220deg, 60%, 15%),
color.hsl(220deg, 60%, 15%),
color.hsl(210deg, 60%, 15%),
color.hsl(210deg, 80%, 20%),
)
// Font used for the "SHIELDNET CYBERSECURITY" wordmark in the header and on the cover.
#let shieldnet_font = "IBM Plex Sans"
// Page geometry plus the running header and footer. Both are wrapped in
// `context` and only produce content when here().page() > 1, so the cover
// page (page 1) gets neither.
#set page(
margin: (x: 2cm, top: 3cm, bottom: 1cm),
// Header: a page-wide gradient band with the company name and document
// title placed on the left and the logo placed on the right. The dx offsets
// shift both back inside the page margins, since the band itself is page.width wide.
header: context if here().page() > 1 {
align(
center + horizon,
box(
width: page.width,
height: 100%,
fill: gradient.linear(..gradient_fill),
[
#place(left + horizon, dx: +page.margin.left)[
#text(
size: 1.1em,
fill: gold,
font: shieldnet_font,
weight: "black",
)[SHIELDNET CYBERSECURITY],
#text(size: 1.1em, fill: white)[Cybersecurity Audit Checklist],
]
#let icon_size = 45%
#place(
right + horizon,
dx: -page.margin.right,
box(
baseline: icon_size,
image(
"./assets/shieldnet-logo-7.svg",
height: icon_size,
fit: "contain",
),
),
)
],
),
)
},
// Footer: company name, then the page number pushed to the right by h(1fr),
// then a gradient bar along the bottom. The number printed is
// here().page() - 1, so the first page after the cover is numbered 1.
footer: context if here().page() > 1 {
text(
size: 0.8em,
fill: color.luma(35%),
[
ShieldNet Cybersecurity
#h(1fr)
#{
here().page() - 1
}
#align(
center + bottom,
block(
width: page.width,
height: 30%,
fill: gradient.linear(..gradient_fill),
),
)
],
)
},
)
// COVER PAGE
// Cover-page artwork. The background is contextual and only emits content
// when here().page() == 1; every other page gets an empty background.
// NOTE(review): `pattern` and `image.decode` are, as far as I know, deprecated
// in newer Typst releases (renamed `tiling` / bytes passed straight to `image`)
// — confirm against the compiler version this project pins.
#set page(background: context if here().page() == 1 {
// Full-page gradient, angled at 60deg, as the base layer.
box(
fill: gradient.linear(angle: 60deg, ..gradient_fill),
width: 100%,
height: 100%,
)
// Dot grid overlay: an 18pt x 18pt tile holding one darkened-blue circle.
place(
top + center,
rect(
width: 100%,
height: 100%,
fill: pattern(
size: (18pt, 18pt),
place(
dy: 3pt,
dx: 1pt,
circle(
radius: 3.5pt,
fill: blue.darken(65%),
),
),
),
),
)
// Load the globe SVG as text and recolour it by replacing every literal
// "#000000" with the hex code of a darkened blue before decoding it.
let globe = read("./assets/globe-thick.svg").replace(
"#000000",
blue.darken(40%).to-hex(),
)
// The positive dx/dy offsets move the rotated globe down and to the right
// of the bottom-right anchor.
place(
bottom + right,
dy: 70pt,
dx: 120pt,
rotate(-20deg, image.decode(globe, height: 600pt)),
)
// Shared darkening applied to the corner stripes and the left edge bar.
let darken_amount = 30%
// Three stripes in the top-right corner, stacked bottom-to-top (dir: btt)
// in the order red (50pt), gold (75pt), blue (100pt).
place(
top + right,
stack(
dir: btt,
..{
let rect_height = 30pt
(
rect(
width: 50pt,
height: rect_height,
fill: red.darken(darken_amount),
),
rect(
width: 75pt,
height: rect_height,
fill: gold.darken(darken_amount),
),
rect(
width: 100pt,
height: rect_height,
fill: blue.darken(darken_amount),
),
)
},
),
)
// Full-height 8pt bar along the left edge.
place(
horizon + left,
rect(
fill: blue.darken(darken_amount),
height: 100%,
width: 8pt,
),
)
})
// Cover-page foreground: logo and wordmark, the document title, and the
// "prepared for" line. Wrapped in `context` because the title box reads
// page.width.
#context {
let icon_size = 36pt
// Top-left: logo and two-line wordmark side by side in a 2-column grid.
place(
left + top,
align(
horizon,
grid(
columns: 2,
column-gutter: 5pt,
image(
"./assets/shieldnet-logo-7.svg",
height: icon_size,
fit: "contain",
),
text(
size: 1.6em,
font: shieldnet_font,
fill: gold,
weight: "black",
)[SHIELDNET\ CYBERSECURITY],
),
),
)
// Centre of the page: the document title in a page-wide box.
place(
center + horizon,
box(
width: page.width,
text(
font: "Roboto",
size: 5em,
fill: blue.lighten(75%),
weight: "black",
)[Cybersecurity Audit Checklist],
),
)
// Bottom-left: author and client line, nudged down by 2%.
place(
left + bottom,
dy: +2%,
text(
size: .75em,
fill: white,
style: "italic",
)[ShieldNet Cybersecurity _|_ Prepared for NARO, Inc.],
)
}
// End of the cover page; the checklist starts on the next page.
#pagebreak()
// Actual Content
// Renders one checklist section.
//
// - title: section heading, set as a level-1 heading inside a gold block.
// - subtitle: text shown in the dark-blue bar directly under the heading.
// - checklist_items: all remaining positional arguments, spread into a
//   two-column table (5% / 90%). The calls in this file pass them as
//   alternating pairs: a checkbox cell (or an empty cell for free-text
//   questions) followed by the question cell.
//
// NOTE(review): the five titles this helper is called with in this file
// (IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER) match the function names of
// NIST CSF 1.1; CSF 2.0 adds a sixth, GOVERN — confirm which framework
// version the checklist is meant to follow.
#let sec(title, subtitle, ..checklist_items) = {
// Padding shared by the title block and the subtitle bar.
let inset = (x: 8pt, y: 5pt)
[
#block(
inset: inset,
radius: 100%,
fill: gold,
text(
font: "Roboto",
fill: black,
size: 1.3em,
tracking: .1pt,
weight: "black",
)[= #title],
)
#v(-.75em)
#block(
inset: (right: 6pt, bottom: 6pt),
stroke: (right: .6pt, bottom: .6pt),
radius: 5pt,
)[
#box(
width: 100%,
inset: inset,
radius: 100%,
fill: rgb("#00265E"),
text(fill: white, weight: "bold", size: 1.2em)[#subtitle],
)
#align(
center,
text(
size: 1.1em,
table(
columns: (5%, 90%),
stroke: (_, y) => if y > 0 {
(top: 0.6pt)
},
align: left,
..checklist_items
),
),
)
]
]
}
#sec(
"IDENTIFY",
"RISK AWARENESS, MANAGING ASSETS, RISK MANAGEMENT STRATEGY",
[☐],
[Do you maintain an updated inventory of IT assets?],
[☐],
[Are guests properly identified when visiting a business location?],
[☐],
[Do you conduct background checks for new staff and external contractors?],
[☐],
[Do you require individual accounts for each employee?],
[☐],
[Are employees familiar with company policies on information security?],
[☐],
[Have you evaluated which users require access to an administrator account on their computer?],
[☐],
[Do you utilize session locks when a user is away from their computer?],
[☐],
[Do you use a badge-in system to restrict access to the physical business and other business locations?],
)
\
#sec(
"PROTECT",
"TRAINING, ACCESS CONTROL, DATA SECURITY",
[☐],
[Do you conduct cybersecurity awareness training for employees?],
[☐],
[Do you regularly patch/update operating systems and software?],
[☐],
[Do you require two-factor or multi-factor authentication (2FA/MFA) for all logins?],
[☐],
[Do you employ full disk encryption on your systems?],
[☐],
[When you dispose of a system, do you ensure the data is securely wiped?],
[☐],
[Do you use a virtual private network (VPN) for out-of-office connections?],
[☐],
[Do you have firewalls in place to secure business networks?],
[☐],
[Do you change the default password for Wi-Fi and/or other networks?],
[☐],
[Do you utilize anti-virus/anti-malware on your systems?],
[☐],
[Do you enforce a minimum password complexity?],
)
\
#sec(
"DETECT",
"MONITORING, THREAT ANALYSIS, VERIFICATION",
[☐],
[Do you employ an Intrusion Detection System (IDS)?],
[☐],
[Are all personal devices used for work protected with security software and encryption?],
[☐],
[Are you running regular vulnerability scans? (e.g. using Nessus)],
[],
[How often do you audit existing user accounts? (Never, Daily, Weekly, Monthly, Annually, Other) \ #box(fill: luma(220), height: 2em, width: 100%)[]],
[☐],
[Do you collect any logs?],
[☐],
[If you do collect logs, do you monitor them?],
[],
[If you do collect logs, how long do you retain them?\ #box(fill: luma(220), height: 2em, width: 100%)[]],
[☐],
[Are physical devices and sensitive physical areas monitored?],
[☐],
[Do you conduct any audits for unusual employee behaviors? (e.g. checking for employees regularly logging in outside of business hours)],
)
\
#sec(
"RESPOND",
"RESPONSE PLANNING, DISASTER MITIGATION, COMMUNICATION",
[☐],
[Do you have dedicated cybersecurity staff?],
[☐],
[Do you have an internal process for raising concerns about potential cyber incidents?],
[☐],
[Are you able to quickly lock down physical locations during a crisis?],
[☐],
[Have you determined when it may be necessary to include law enforcement in your disaster response?],
[☐],
[Are you able to alert users if you suspect their information may have been stolen?],
[☐],
[Are you prepared to respond to an environmental crisis that may impact your ability to continue normal business operations?],
[☐],
[Are you able to quickly quarantine any computer that is identified as compromised?],
[☐],
[Are employees aware of their responsibilities in the event of a security incident?],
)
\
#sec(
"RECOVER",
"RECOVERY PLANS, CONTINUOUS IMPROVEMENTS",
[☐],
[Do you create full backups?],
[☐],
[If you do create backups, do you encrypt them?],
[],
[If you do create backups, how often do you test restoring from them? (Never, Daily, Weekly, Monthly, Annually, Other)\ #box(fill: luma(220), height: 2em, width: 100%)[]],
[☐],
[If you do create backups, do you keep at least 3 copies, on at least 2 different media types (e.g. a hard drive and a tape drive), and have at least 1 copy stored offsite (outside of your business)?],
[☐],
[Do you have a formal method or process for improving cybersecurity regularly?],
[☐],
[In the event of hardware failure (e.g. a router failure), do you have a way to restore function?],
[☐],
[Are you currently enrolled in a Cyber Insurance program?],
[☐],
[Do you know how long it would take to carry out your recovery plan after an incident?],
)