1 Introduction
This is a Checklist of Essential Actions related to Cyber Security. Use it to prepare and maintain an IT environment to minimise the risk, impact and effects of cyber security incidents.
2 Cyber Security Training
2.1 Regular Training
Keep people up-to-date on cyber security matters:
- Effective training is conducted regularly, at least annually, and as the cyber security landscape changes
- Training is updated regularly to keep up-to-date with the evolving cyber security landscape
- Additional training is provided for people who have Administrator privileges, or who use remote access
- Specific training on phishing is regularly conducted, at least every three months
- People who join the organisation are required to go through the training
3 Software Up-to-date and Secured
3.1 Operating Systems at Latest Release
Operating systems on desktops, laptops and portable/mobile devices are at the latest major releases:
- Microsoft Windows 10 and Windows 11
- macOS 14 or 15
- Android
- iOS 14 or 15 on iPhones and iPads
3.2 Operating Systems Updated Regularly
Operating systems on desktops and laptops are kept up-to-date with regularly released updates, preferably automatically:
- Microsoft Windows 10 and Windows 11 run Windows Update regularly
- macOS 14 or 15 is updated regularly
3.3 Applications at Latest Release
Applications are kept at the latest releases:
- Microsoft Office
- Web browsers (Chrome, Edge, Firefox, Safari, etc.)
- Malware and Antivirus software
- Email servers and clients
- PDF viewers and editors
- Other software (purchased, freeware, custom, etc.)
3.4 Applications Configured Securely
Applications are configured securely, following manufacturers’ or professional advice:
- Microsoft Office, including macros
- Web browsers (Chrome, Edge, Firefox, Safari, etc.)
- Malware and Antivirus software
- Email servers and clients
- PDF viewers and editors
- Other software (purchased, freeware, custom, etc.)
3.5 Malware and Antivirus Software Active with Latest Definitions
Malware and Antivirus software is:
- Installed and starting automatically at system startup
- Automatically updating to the latest malware and antivirus definitions
3.6 BIOS, Firmware and Drivers at Latest Releases
BIOS, firmware and driver versions on desktops and laptops are checked and updated as needed:
- BIOS
- Device drivers
- Device firmware
4 Data Management
4.1 Data
Data on the systems is understood:
- The scope and types of all data on systems is known
- Data has been classified to identify sensitive and high-value data
- Data needing to be restorable if lost or corrupted has been identified
4.2 Backups
Backups of data are being taken:
- Backup software is installed and usable
- Backup devices and sufficient disk space (or other devices, e.g. tapes) are available
- Data to be backed up has been identified
- The schedule of regular backups has been decided
- Backups are automated, or a person is assigned to perform them
- Regular backups are performed
- Backups are regularly tested to ensure the data can be restored and is correct once restored
4.3 Data Security
Data on the systems has appropriate safeguards:
- Sensitive and high-value data is protected against unauthorised access
- Sensitive and high-value data is encrypted when transferred or transported anywhere
- Sensitive and high-value data is securely destroyed when no longer needed
5 Access and Accounts
5.1 Operating System Accounts
All operating system accounts are controlled:
- All accounts must be approved
- Users have individual accounts – shared accounts are rarely, if ever, used
- Most accounts do not have Administrator privileges
- Only system administrators have accounts with Administrator privileges
- Accounts for people no longer with the organisation are disabled/deleted
5.2 Application Accounts
All application accounts, if any, are controlled:
- All accounts must be approved
- Users have individual accounts – shared accounts are rarely, if ever, used
- Most accounts do not have Administrator privileges
- Only system administrators have accounts with Administrator privileges
- Accounts for people no longer with the organisation are disabled/deleted
5.3 Multi-Factor Authentication
Multi-factor authentication is used where appropriate:
- Accounts and access requiring multi-factor authentication are identified
- Multi-factor authentication technology is available and understood
- Multi-factor authentication training is performed
5.4 Remote Access
Remote access is used where appropriate:
- Accounts and access requiring remote access are identified
- Remote access technology is available and understood
- Remote access training is performed
- Remote access logs are reviewed regularly (at least every month)
5.5 Network Access
Network access is secured:
- Access to manage network devices is protected by a username and a strong password
- WiFi access is restricted by needing a strong password to connect to the network
- Default passwords have been changed to strong passwords
- A Guest network with appropriate restrictions is available, if appropriate
6 Cyber Security Incident Preparedness
6.1 Plans
Plans exist or are being created for:
- Responding to a Cyber Security Incident
- Recovering from a Cyber Security Incident and restoring all normal activities
- Communicating during a Cyber Security Incident
6.2 Monitoring
There is monitoring to detect Cyber Security Incidents:
- Automated technology tools, where reasonable
- Human monitoring, where reasonable and effective