Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."

Download it now to read this article plus other related content.

Model Behavior
A sample partner trust assessment

    Operational Security
  • Has a SAS 70 certification been completed? (Provide copy)
  • Are security operations, policies, procedures and standards in alignment with the ISO 17799 or ISO 27000 series standards?
  • Are security policies, procedures and standards documented? (Provide copies)
  • How are background checks on employees and contractors performed prior to hiring?
  • Describe security training and awareness programs
    Physical Security
  • Describe physical facility and floor area on which services for Sun will be performed
  • Describe controls to address physical security of hardware, software and data communications equipment
  • Describe how network servers and components are secured from unauthorized access, physically and logically
  • Can an agent room, dedicated server room and network be allocated exclusively to support Sun's project requirements?
    System Security
  • Describe patch management processes
  • Describe user identification, authentication and authorization processes
  • How is application and network authentication performed with their customer environment?
  • Describe server hardening methodologies and tools to

    Requires Free Membership to View

    Login

  • maintain server security
  • What data exchange needs to happen between Sun and partner to support this project?
  • What data storage will be done at the partner location?
  • How is sensitive data secured during data exchange, at rest and in the backup process?
  • Is Sun's data separated from other customer data held by partner?
  • Describe your data backup and archive procedure
    Network Security
  • Describe network topology, including external connectivity, server locations and physical/logical network partitioning as it matters from the security perspective
  • Provide a topology diagram of the network architecture, including application and database servers infrastructure with network connectivity and data flow
  • Describe your incident response procedures
  • Describe your virus protection procedure
  • Describe your system administration procedure
  • Describe the encryption methodology being used within your network

This was first published in July 2007

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top