Ravenshroud
Newcomer III

Cyber Security Architecture Review Checklist Needed

- Awaiting Tech Board next month, so I apologize for using this board in advance.

 

I am looking for a non-proprietary checklist to review new products or services my organization is putting into production.

 

I am looking for data security, access, and cloud location questions to make sure we gate all of these items for security concerns before they go into production.  Please contact me if you have something you can share.  I appreciate it.  

 

I do not wish to reinvent this wheel and I have not found any resources online as of yet.

2 Replies
Beads
Advocate I

If you have Information Security or InfoSec questionnaires from clients, start there. Many questionnaires have evolved into highly complex, in-depth, multi-tabbed nightmares for InfoSec practitioners to fill out. The problem is that most of the time they are covered by BAAs and NDAs, which is one reason you're likely not getting people sending you their Excel spreadsheets.

 

The second reason would be that the use of that 'c' word is likely cutting your search results down to a very small sample. Many practitioners consider the 'c' word to be slang or part of some hype machine used by the ignorant or politicians. Great for schools and government types.

 

Use your favorite search engine and try this transom:  Information Security infrastructure checklist

 

Lots of examples to peruse.

4d4m
Newcomer III

You could look at something like this: http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/cybersecurity-guidance-for...

 

Or ISO27001: https://www.iso.org/isoiec-27001-information-security.html

 

Or this: https://www.asd.gov.au/infosec/top-mitigations/mitigations-2017-table.html

 

And, use something from these as the basis for your checks. In the end we built our own set from these and other areas that are specific to the organisation.

 

Adam