ISO IEC 27002 2005 SECURITY AUDIT TOOL
ISO IEC 27002 2005 is now OBSOLETE. See our NEW ISO IEC 27002 2013 Audit Tool.
This web page describes our ISO IEC 27002 2005 (17799) Information Security Audit Tool. We begin with a table of contents, which shows how we've organized our audit tool. For each question, three answers are possible: YES, NO, and N/A. Since our audit questionnaires can be used to identify the gaps that exist
ISO IEC 27002 2005 (17799) TABLE OF CONTENTS

PART | TITLE | PAGE
1 | Audit Profile | 3
2 | Audit Summary | 4
3 | Introduction to Audit | 5
4 | Outline of Audit Process | 6
5 | Security Policy Management Audit | 14
6 | Corporate Security Management Audit | 21
7 | (PDF sample) |
8 | Human Resource Security Management Audit (HTML sample) |
9 | (PDF sample) |
10 | Communications and Operations Management Audit | 101
11 | Information Access Control Management Audit | 153
12 | Information Systems Security Management Audit | 188
13 | Information Security Incident Management Audit | 215
14 | Business Continuity Management Audit | 226
15 | Compliance Management Audit | 240
16 | Legal and Contact Information | 256

SEPT 2007. COPYRIGHT © 2007 BY PRAXIOM RESEARCH GROUP LIMITED. VERSION 4.0
The following material presents a sample of our audit questionnaires.
SAMPLE AUDIT QUESTIONS: ISO IEC 27002 2005 [OBSOLETE] INFORMATION SECURITY AUDIT TOOL
8.1 EMPHASIZE SECURITY PRIOR TO EMPLOYMENT

NO. | TYPE | QUESTION | ANSWERS | COMMENTS
1 | GOAL | Have you reduced the risk of theft, fraud, or | YES / NO / N/A |
2 | GOAL | Have you reduced the risk of theft, fraud, or | YES / NO / N/A |
3 | GOAL | Have you reduced the risk of theft, fraud, or misuse | YES / NO / N/A |
4 | GOAL | Have you reduced the risk of theft, fraud, or | YES / NO / N/A |
5 | GOAL | Have you reduced the risk of theft, fraud, or | YES / NO / N/A |
6 | GOAL | Have you reduced the risk of theft, fraud, or | YES / NO / N/A |
7 | GOAL | Do you use clear job descriptions to | YES / NO / N/A |
8 | GOAL | Do you use employment terms and conditions | YES / NO / N/A |
9 | GOAL | Do you screen all employees before you hire | YES / NO / N/A |
10 | GOAL | Do you screen all contractors before you | YES / NO / N/A |
11 | GOAL | Do you screen all third-party users, especially | YES / NO / N/A |
12 | GOAL | Do you ask prospective employees to sign | YES / NO / N/A |
13 | GOAL | Do you ask prospective contractors to sign | YES / NO / N/A |
14 | GOAL | Do you ask prospective third-party users | YES / NO / N/A |
8.1.1 DEFINE SECURITY ROLES AND RESPONSIBILITIES

NO. | TYPE | QUESTION | ANSWERS | COMMENTS
15 | CTRL | Are your organization’s security roles and | YES / NO / N/A |
16 | CTRL | Do you use your security role and responsibility | YES / NO / N/A |
17 | CTRL | Have you implemented your information security | YES / NO / N/A |
18 | CTRL | Have you implemented your organization’s | YES / NO / N/A |
19 | CTRL | Have you implemented your organization’s | YES / NO / N/A |
20 | CTRL | Have you documented security | YES / NO / N/A |
21 | GUIDE | Do your security roles and responsibilities make | YES / NO / N/A |
22 | GUIDE | Do your security roles and responsibilities make | YES / NO / N/A |
23 | GUIDE | Do your organization’s security roles and | YES / NO / N/A |
24 | GUIDE | Do your organization’s security roles and | YES / NO / N/A |
25 | GUIDE | Do your organization’s security roles and | YES / NO / N/A |
26 | GUIDE | Do your organization’s security roles and | YES / NO / N/A |
27 | GUIDE | Do your organization’s security roles and | YES / NO / N/A |
28 | GUIDE | Do your security roles and responsibilities | YES / NO / N/A |
29 | GUIDE | Do your security roles and responsibilities | YES / NO / N/A |
30 | GUIDE | Do your security roles and responsibilities make it | YES / NO / N/A |
31 | GUIDE | Do your security roles and responsibilities make | YES / NO / N/A |
32 | GUIDE | Do your security roles and responsibilities | YES / NO / N/A |
33 | GUIDE | Do you communicate your organization’s security | YES / NO / N/A |
34 | NOTE | Do you communicate your organization’s security | YES / NO / N/A |
35 | NOTE | Do you use job descriptions to document and | YES / NO / N/A |
8.1.2 VERIFY THE BACKGROUNDS OF NEW PERSONNEL

NO. | TYPE | QUESTION | ANSWERS | COMMENTS
36 | CTRL | Do you check the backgrounds of all candidates | YES / NO / N/A |
37 | CTRL | Do you check the backgrounds of contractors | YES / NO / N/A |
38 | CTRL | Do you check the backgrounds of third-party | YES / NO / N/A |
39 | CTRL | Do your background checks comply | YES / NO / N/A |
40 | CTRL | Do your background checks comply | YES / NO / N/A |
41 | CTRL | Do you perform more rigorous background | YES / NO / N/A |
42 | CTRL | Do you perform more rigorous background checks | YES / NO / N/A |
43 | CTRL | Do your background checks meet your | YES / NO / N/A |
44 | GUIDE | Do your background checks comply | YES / NO / N/A |
45 | GUIDE | Do your background checks comply with all | YES / NO / N/A |
46 | GUIDE | Do your background checks comply with all | YES / NO / N/A |
47 | GUIDE | Do you check out the applicant’s | YES / NO / N/A |
48 | GUIDE | Do you verify the applicant’s | YES / NO / N/A |
49 | GUIDE | Do you verify the applicant’s | YES / NO / N/A |
50 | GUIDE | Do you verify the applicant’s | YES / NO / N/A |
51 | GUIDE | Do you verify the applicant’s personal identity? | YES / NO / N/A |
52 | GUIDE | Do you carry out credit checks on new personnel? | YES / NO / N/A |
53 | GUIDE | Do you check to see if applicants | YES / NO / N/A |
54 | GUIDE | Do you perform more detailed background | YES / NO / N/A |
55 | GUIDE | Do you perform more detailed background | YES / NO / N/A |
56 | GUIDE | Have you established procedures | YES / NO / N/A |
57 | GUIDE | Do your background checking procedures define | YES / NO / N/A |
58 | GUIDE | Do your background checking procedures define | YES / NO / N/A |
59 | GUIDE | Do your background checking procedures define | YES / NO / N/A |
60 | GUIDE | Do your background checking procedures define | YES / NO / N/A |
61 | GUIDE | Do you use contracts to control how personnel | YES / NO / N/A |
62 | GUIDE | Do your personnel agency contracts define | YES / NO / N/A |
63 | GUIDE | Do agreements with third-party users define | YES / NO / N/A |
64 | GUIDE | Do your background checks comply with | YES / NO / N/A |
65 | GUIDE | Do all candidates understand that background | YES / NO / N/A |
8.1.3 USE CONTRACTS TO PROTECT YOUR INFORMATION

NO. | TYPE | QUESTION | ANSWERS | COMMENTS
66 | CTRL | Do you use contractual terms and conditions to | YES / NO / N/A |
67 | CTRL | Do you use contractual terms and conditions | YES / NO / N/A |
68 | CTRL | Do you use contractual terms and conditions | YES / NO / N/A |
69 | CTRL | Do you use contractual terms and conditions | YES / NO / N/A |
70 | GUIDE | Do your employment terms and conditions apply | YES / NO / N/A |
71 | GUIDE | Do all new employees sign confidentiality or | YES / NO / N/A |
72 | GUIDE | Do all new contractors sign confidentiality or | YES / NO / N/A |
73 | GUIDE | Do all new third-party users sign confidentiality | YES / NO / N/A |
74 | GUIDE | Do you use employment contracts to specify what | YES / NO / N/A |
75 | GUIDE | Do you use contractual terms and conditions | YES / NO / N/A |
76 | GUIDE | Do you use contractual terms and conditions | YES / NO / N/A |
77 | GUIDE | Do you use contractual terms and conditions | YES / NO / N/A |
78 | GUIDE | Do you use contractual terms and conditions to | YES / NO / N/A |
79 | GUIDE | Do you use employment contracts to state that | YES / NO / N/A |
80 | GUIDE | Do you use employment contracts to state | YES / NO / N/A |
81 | GUIDE | Do you use your contractual terms and conditions | YES / NO / N/A |
82 | GUIDE | Do you use your contractual terms and conditions | YES / NO / N/A |
83 | GUIDE | Do you use employment contracts to explain | YES / NO / N/A |
84 | GUIDE | Do you use contractual terms and conditions to | YES / NO / N/A |
85 | GUIDE | Do you use contractual terms and conditions | YES / NO / N/A |
86 | GUIDE | Do you use employment contracts to explain how | YES / NO / N/A |
87 | GUIDE | Do you use employment contracts to explain what | YES / NO / N/A |
88 | GUIDE | Do you use contracts to make it clear that personnel | YES / NO / N/A |
89 | GUIDE | Do you use employment contracts to explain | YES / NO / N/A |
90 | GUIDE | Do you use contracts to explain what will be done if | YES / NO / N/A |
91 | GUIDE | Do you use contracts to explain what will be done if | YES / NO / N/A |
92 | GUIDE | Do you use contractual terms and conditions to define | YES / NO / N/A |
93 | GUIDE | Do you use contractual terms and conditions to define | YES / NO / N/A |
94 | GUIDE | Do you use contractual terms and conditions to define | YES / NO / N/A |
95 | GUIDE | Do you use contractual terms and conditions to | YES / NO / N/A |
96 | GUIDE | Do your security restrictions and obligations | YES / NO / N/A |
97 | GUIDE | Do you use a code of conduct to describe the | YES / NO / N/A |
98 | GUIDE | Do you use a code of conduct to describe the | YES / NO / N/A |
99 | GUIDE | Do you use a code of conduct to describe the | YES / NO / N/A |
100 | GUIDE | Do you use a code of conduct to describe | YES / NO / N/A |
101 | GUIDE | Do you use a code of conduct to describe | YES / NO / N/A |
102 | GUIDE | Do you use a code of conduct | YES / NO / N/A |
| | Etcetera ... | YES / NO / N/A |
ORGANIZATION:
SCOPE OF AUDIT:
COMPLETED BY:
DATE COMPLETED:
REVIEWED BY:
DATE REVIEWED:
PART 8: HUMAN RESOURCE SECURITY MANAGEMENT AUDIT, PAGE 64
Updated on April 29, 2014. First published on November 8, 2004.
Legal Restrictions on the Use of this Page
Copyright © 2004 - 2014 by Praxiom Research Group Limited. All Rights Reserved.