Hello, my name is Lesley Chaddock and I am currently undertaking a project on the complexities of implementing IT security procedures in today's legislative framework. This project is in partial fulfilment of the requirements for the degree of Master of Science.
As such you are invited to participate in the following survey and to answer the questions as openly and honestly as you feel able.
For each fully completed survey I receive, I will make a donation to Oxfam to help them to continue with the excellent work they do throughout our world.
An outcome of the project is to develop a practical guide to assist in identifying relevant legislation and prioritising appropriate IT security Best Practice. You may submit your survey anonymously but if you would like to receive a copy of this guide you are invited to submit your email address at the end.
Thank you very much for your time and support. Please start with the survey now by clicking on the Continue button below.
1. Please indicate the size of the Company that you work for:
* 2. Please provide your job title.
3. Please indicate whether you have a dedicated IT department in your Company.
4. If the answer to the previous question was Yes - how many people are employed within that department?
5. Which department in your Company is responsible for security?
6. Which department in your Company is responsible for Data Protection?
7. Do you have an IT Security Policy (either as a document in its own right or as part of an overall IT Policy)?
8. Does the IT/Security Policy form part of the Contract of Employment?
9. When was your IT Security Policy last updated?
10. When do you next plan to update the IT Security Policy?
11. If the IT Security Policy has been recently updated were all employees made aware of the specific changes?
12. Does the IT Security Policy clearly define what might be considered as misuse of the Company IT systems?
13. Does the IT Security Policy clearly define any disciplinary actions that may be taken in the event of misuse of the Company IT systems?
14. Does your IT Security Policy identify all legislation with which your company aims to comply?
15. Is compliance with your overall IT Security Policy audited?
16. If it is audited - is this a manual or automated process?
17. How often is your IT Security (and Policy) audited?
18. If you do not currently have an IT Security Policy - are you planning to implement one?
19. Do you have specific procedures/checklists in place to cover leavers (this includes dismissal or redundancy)?
20. Is data properly erased from hardware/media before disposal? Note: By properly we mean using a specific software tool rather than a simple del *.* or reformatting.
21. Does your Company monitor your employees' use of eMail?
22. If you do monitor eMail - do your employees know that they are being monitored?
23. If eMail is monitored are regular reports issued to management?
24. Does your Company monitor your employees' use of the Internet?
25. If Internet use is monitored - do your employees know that they are being monitored?
26. If Internet use is monitored - are regular reports issued to management?
27. Does your Company allow access to 'non-Company' webmail systems? (i.e. Hotmail)
28. Does your Company ban access to specific web sites?
29. Do you know who, in your company, is responsible for ensuring that Corporate Governance issues, which include compliance with relevant legislation, are complied with?
30. If it is you - do you know where to find information relating to the following IT legislation?
31. Are you aware of any current misuse of IT systems within your Company?
32. If you are aware of any misuse, how was it discovered?
33. Are you aware of any incidents of misuse of IT systems within your Company in the last 12 months?
As part of the investigative process I will be reviewing Case Studies of anomalies that have arisen despite there being policies in place. I would be very grateful for any contributions. You do not need to provide specific detail of names, job positions, etc.
If you are able to do this please use the space below or if you would prefer please email me at: [email protected] with the following information:
The incident/anomaly; The specific policy/rule which was abused; How the incident was discovered; The outcome of any investigation.
34. Are you able to provide details of misuse of IT systems? (specifically those that have occurred in the last 12 months)
35. In your opinion, do you think that companies are generally taking IT security seriously and that they are on top of current legislation?
36. Does your Company currently have a recognised IT Security accreditation? (i.e. BS7799 or ISO17799, ITIL, etc.)
* 37. You may submit your response anonymously but if you provide your eMail address in the space provided I will send you the resulting guidelines.