1 - 3 IT Essentials II v2.0 - Lab 14.1.8
Copyright
2002, Cisco Systems, Inc.
Lab 14.1.8: Security Checklist
Estimated Time: 30 minutes
Objective
Upon completion of this lab, the student will analyze school computer security policies
and offer suggestions for improvement.
Equipment
The following item is needed to complete this exercise:
•
Pencil
Scenario
The school computing environment must be reviewed with an emphasis on security. The
initial procedures for the review have already been completed.
Procedures
Answer the following questions to better assess the level of security at the school.
Step 1
List any measures taken to protect the premises against external intruders, such as
guards, cameras, fences, and secure parking areas.
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
List any features used to secure the building, such as security doors, locked windows,
and guards.
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
List the ways in which access to sensitive areas is controlled, such as by using keys,
combination locks, and proximity readers.
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
List the people who control access to the sensitive areas of the building.
2 - 3 IT Essentials II v2.0 - Lab 14.1.8
Copyright
2002, Cisco Systems, Inc.
__________________________________________________________________
Is there a security alarm on the building? Is there a separate alarm in the sensitive areas
within the building?
__________________________________________________________________
__________________________________________________________________
How frequently is access to sensitive areas reviewed? Is it reviewed monthly, semi-
annually, annually, or never?
__________________________________________________________________
Are key card control measures in place for departing employees?
__________________________________________________________________
Are all production servers secured within a controlled access area?
__________________________________________________________________
Are all production servers secured within a locked rack?
________________________
Are the cases on all production servers locked? Is access to the keys controlled?
__________________________________________________________________
Is removable media kept secured at all times? Where is this media secured? Is it secured
in a desk, locked cabinet, next to the server, or offsite?
__________________________________________________________________
How recently have the physical security measures been audited? Was it an internal or
external audit? Were any deficiencies corrected?
__________________________________________________________________
If a card reader system is being used, how often is usage monitored? By whom?
__________________________________________________________________
How easy is it to get on a computer connected to the network?
__________________________________________________________________
Step 2
Are there any problems with the computer environment security? If so, list the problems
and possible solutions.
__________________________________________________________________
__________________________________________________________________
3 - 3 IT Essentials II v2.0 - Lab 14.1.8
Copyright
2002, Cisco Systems, Inc.
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
Troubleshooting
The IT department should be up to date on all security measures. They should know
which personnel can access the main office and the sensitive equipment areas.
Reflection
Security is a very important part of the computing world. Which companies are most likely
to have very high security measures in place?
__________________________________________________________________
__________________________________________________________________
Is the security of the school sufficient? Why or why not?
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________