Access Restrictions (Internal)

Changing Passwords: Passwords should consist of combinations of letters, numbers and symbols and must not be
personal identifiers. Passwords must be changed at least every 90 days and should not be reused.

Passwords must be deactivated if they are not changed by the deadline. A warning message must be generated a
certain number of days before the password expires.

System Lock Out: All users should maintain a login ID, password and station number to access the computer system.
After three unsuccessful login attempts, the user should be locked out of the computer system, and the system
administrator must reinstate the user's right to access the system.

Monitoring and Limiting Internet Access: The company should require its employees to sign an agreement which
outlines the system security issues and internet restrictions. Management should be able to track internet access and
usage to prevent abuse.

Establishing and Reviewing Access Levels: Access levels should be assigned by job category and position. Access
levels of users should be reviewed regularly and changed whenever a user's job changes.

Viruses/Firewalls/Tampering Prevention (External)

Maintaining System Integrity: The IT system should contain multilevel safeguards to log and detect viruses, violations
and tampering. The system should be able to identify weaknesses and safeguard the IT systems of the company.

Educating Employees on System Vulnerabilities: Beware of hackers and cyber attacks. All system users should be
alert to virus attacks and the unauthorised release of information.

Virus Quarantine Software: Virus quarantine software should be installed to prevent viruses from infecting the computer system.

Securing Remote Access: A Virtual Private Network (VPN) should be implemented for users to communicate within the
company networks. Users are issued an access card and a unique PIN. The access card or device should generate a random
sequence of numbers that changes every minute to protect the whole system from unauthorized access.

Testing System Security: The IT system should be tested regularly in order to ensure the system's security and identify
vulnerabilities and weaknesses.

Policies / Procedures / Management Support / Training

Approach to IT Security: Meetings should be held regularly to ensure system security. There should be in-depth analysis
of system vulnerabilities, a data recovery plan and up-to-date anti-virus software. Make sure the IT security policy is fully
documented and that updates are made known to the employees. Employees are required to attend a basic IT security
awareness course.

Data Back Up and Recovery Plan

Contingency Plan: A comprehensive disaster recovery plan to deal with any unpredictable incidents, and an uninterruptible
power supply to ensure continuous power for IT systems.

Data Storage: Data should be backed up daily and stored in a safe, fireproof place. Ensure an additional backup is stored
weekly in a separate location.

Hardware Security

Server: The server is stored in a fireproof locked room where access is monitored and recorded.

Password Protected Screen Saver: A password-protected screen saver is required on all workstations and
must activate after a set period of inactivity.

IT Security