Elements and Performance Criteria
- Ensure user accounts are controlled
- Modify default user settings to ensure they conform to security policy
- Modify previously created user settings to ensure they conform to updated security policy
- Ensure legal notices displayed at logon are appropriate
- Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity
- Take action to ensure password procedures are reviewed with appropriate other internal departments
- Monitor email to uncover breaches in compliance with legislation
- Access information services to identify security gaps and take appropriate action using hardware and software or patches
- Secure file and resource access
- Review inbuilt security and access features of the operating system and consider need for further action
- Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security
- Monitor and record security threats to the system
- Implement a virus checking process and schedule for the server, computer and other system components
- Investigate and implement inbuilt or additional encryption facilities
- Monitor threats to the network
- Use third-party software or utilities to evaluate and report on system security
- Review logs and audit reports to identify security threats
- Carry out spot checks and other security strategies to ensure that procedures are being followed
- Prepare and present an audit report and recommendations to appropriate person
- Obtain approval for recommended changes to be made