TABLE OF CONTENTS Listed within this appendix is a layer-by-layer list of system security information that is useful when analyzing security and exploring ways to reduce vulnerabilities.
The check list shown in Table A.1 contains some common physical layer issues that can be reviewed to help measure overall physical security. While not all inclusive, it offers a good starting point.
| Issue | Finding |
|---|---|
| Is there perimeter security? | Yes No |
| If fence is present, what height is it? | 2 3 feet 4 5 feet 6 feet or taller |
| Is exterior lighting adequate to deter intruders? | Yes No |
| Is CCTV being used? | Yes No |
| Are exterior doors secured? | Yes No |
| Is access control being used at building entries? | Access card Lock Token Biometric Guard No access control |
| Are dumpsters in an area where the public can access? | Yes No |
| Are sensitive items shredded or destroyed before being discarded? | Yes No |
| Do interior areas have access control? | Yes No |
| Are the servers in a secure location? | Yes No |
| Does the server room have protection on all six sides? | Yes No |
| Are end users allowed uncontrolled access to Universal | Yes |
| Serial Bus (USB) ports or Compact Disc (CD)/Digital Versatile Disc (DVD) burners? | No |
Issues on the data link layer are primarily concerned with access and network control.The checklist shown in Table A.2 can help measure security at this layer.
| Issue | Finding |
|---|---|
| Are any hubs being used? | Yes No |
| Are virtual local... |
