Archive for the ‘Security’ Category

SAS 70 Environmental Controls Security Examination Audit

Saturday, September 18th, 2010

The environment of the data center will come under scrutiny as well. The auditors will examine not only the physical access controls to the data center but also the suitability of the data center to house sensitive information and systems. As such, the following items are examined:
- The structure of the walls, ceiling, and floor
- The security of the wiring
- Fire suppression
- Environmental controls
- Power (more…)


SAS 70 Logical Access Controls Security Examination Audit

Saturday, September 18th, 2010

Logical access controls determine which individuals have access to what information. Some of the items examined here are mechanisms in place on computer and network systems, and some pertain to the overall architecture of the offerings provided by the organization. Some of the items that will be investigated include:
- Individuals who have access to client information
- Individuals with privileged access to network devices such as firewalls and routers and computer systems
- Appropriateness of individual access to job function
- Appropriateness of user management procedures to identify dormant and unused accounts and to determine individual access
- Restriction of customer access to prevent the sharing of information
- Mechanisms in place to prevent unauthorized access to client information (both with regard to other clients and employees)

The information that is necessary to evaluate these issues is not solely related to the controls on the computer systems. The auditors will need to understand the underlying architecture that separates sensitive information and the procedures used by the organization to manage user access effectively.


Security Clearance Levels in the United States

Tuesday, September 7th, 2010

Secret or Level 2 Clearance
A secret clearance (also known as ‘collateral secret’ or ‘ordinary secret’) is broadly similar to the UK SC clearance. There are a number of things that can complicate obtaining secret clearance:
- Residences in foreign countries
- Relatives outside the United States
- Significant ties with non-US citizens
- Bankruptcy and unpaid bills
- Criminal charges of any kind.

Poor financial history is the number-one cause of rejection, and foreign activities and criminal records are also common causes for disqualification. A secret clearance requires an NACLC check. It must also be reinvestigated every 10 years (though, in practice, it tends to happen more often).

Top Secret or Level 3 Clearance (more…)


Download Free Onapsis’ SAP Security In-Depth publication

Friday, December 11th, 2009

SAP Security In-Depth is a free technical publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in the SAP security field, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and the general professional community) to better understand the risks involved and the techniques and tools available to assess and mitigate them. (more…)


Wireless LAN Security Policy Checklist

Friday, July 10th, 2009

Download Free Wireless LAN Security Policy Checklist
- Identify who may use WLAN technology in a company
- Identify whether Internet access is required
- Describe who can install access points and other wireless equipment
- Provide limitations on the location of and physical security for access points
- Describe the type of information that may be sent over wireless links
- Describe conditions under which wireless devices are allowed (more…)
