Information Security Process Evaluation Template

ComponentScore (0–2)Comments
Strategy

  • Written policies in consistent and easy-to-read format

  

  • Easily accessible via company intranet

  

  • Up to date with relevant changes

  

  • Nontechnical and easy to understand

  

  • Broad policies that cover relevant topics

  

  • Incorporate risk analysis and management

  
Components

  • Account administration

  

  • Remote access

  

  • Vulnerability management

  

  • Security awareness

  

  • Emergency response

  

  • Acceptable use of computers, email, Internet

  
Administration

  • Consistent application across company

  

  • Details on how policies will be monitored and enforced

  

  • Active involvement of critical functions such as human resources and legal in creation of policies

  

  • Multiple communication methods to disseminate ...

Get Executive Guide to Information Security, The: Threats, Challenges, and Solutions now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial