1 - 3 IT Essentials II v2.0 - Lab 14.1.8

Copyright



2002, Cisco Systems, Inc.

Lab 14.1.8: Security Checklist

Estimated Time: 30 minutes

Objective

Upon completion of this lab, the student will analyze school computer security policies
and offer suggestions for improvement.

Equipment

The following item is needed to complete this exercise:

•

Pencil

Scenario

The school computing environment must be reviewed with an emphasis on security. The
initial procedures for the review have already been completed.

Procedures

Answer the following questions to better assess the level of security at the school.

Step 1

List any measures taken to protect the premises against external intruders, such as
guards, cameras, fences, and secure parking areas.

__________________________________________________________________

__________________________________________________________________

__________________________________________________________________

List any features used to secure the building, such as security doors, locked windows,
and guards.

__________________________________________________________________

__________________________________________________________________

__________________________________________________________________

List the ways in which access to sensitive areas is controlled, such as by using keys,
combination locks, and proximity readers.

__________________________________________________________________

__________________________________________________________________

__________________________________________________________________

List the people who control access to the sensitive areas of the building.

2 - 3 IT Essentials II v2.0 - Lab 14.1.8

Copyright



2002, Cisco Systems, Inc.

__________________________________________________________________

Is there a security alarm on the building? Is there a separate alarm in the sensitive areas
within the building?

__________________________________________________________________

__________________________________________________________________

How frequently is access to sensitive areas reviewed? Is it reviewed monthly, semi-
annually, annually, or never?

__________________________________________________________________

Are key card control measures in place for departing employees?

__________________________________________________________________

Are all production servers secured within a controlled access area?

__________________________________________________________________

Are all production servers secured within a locked rack?

________________________

Are the cases on all production servers locked? Is access to the keys controlled?

__________________________________________________________________

Is removable media kept secured at all times? Where is this media secured? Is it secured
in a desk, locked cabinet, next to the server, or offsite?

__________________________________________________________________

How recently have the physical security measures been audited? Was it an internal or
external audit? Were any deficiencies corrected?

__________________________________________________________________

If a card reader system is being used, how often is usage monitored? By whom?

__________________________________________________________________

How easy is it to get on a computer connected to the network?

__________________________________________________________________

Step 2

Are there any problems with the computer environment security? If so, list the problems
and possible solutions.

__________________________________________________________________

__________________________________________________________________

3 - 3 IT Essentials II v2.0 - Lab 14.1.8

Copyright



2002, Cisco Systems, Inc.

__________________________________________________________________

__________________________________________________________________

__________________________________________________________________

__________________________________________________________________

Troubleshooting

The IT department should be up to date on all security measures. They should know
which personnel can access the main office and the sensitive equipment areas.

Reflection

Security is a very important part of the computing world. Which companies are most likely
to have very high security measures in place?

__________________________________________________________________

__________________________________________________________________

Is the security of the school sufficient? Why or why not?

__________________________________________________________________

__________________________________________________________________

__________________________________________________________________