The World Bank Technology Risk Checklist

So you have done your best to secure your network, but you are wondering if you have really done everything possible. One useful way to find out would be to take a look at the World Bank Technology Risk Checklist (PDF format). This 31-page document asks a few hundred questions about your security setup. They cover a wide range of topics, including risk management ("Who is responsible for keeping records of cyber intrusions, costs of remediation, response time, and documenting procedures and processes?"), policy management ("Does your information security organization report to the IT organization, or is it a separate organization that maintains its independence and freedom from conflicts of interest?"), cyber intelligence ("When applying a patch to any system vulnerability, do you have a process for verifying the integrity, and testing the proper functioning of the patch?"), access controls ("Do you check for modems attached to PCs, routers, or printers?"), vulnerability testing ("Do your penetration tests encompass social engineering?"), wireless access ("Is someone responsible for tracking the number of employees with WLANs at home?"), and more.

The list is long and comprehensive; if you have answers for all of the questions, chances are you run a tight network.



Copyright © 2004, Eklektix, Inc.