Deliverable 2

In this deliverable, you should prepare an initial draft of questions that you will use in your interview(s) with your point(s) of contact. This list should include both questions that meet the generic guidelines of the review (see below) and questions that are specific to the organization of interest. You should treat these as icebreaker questions of sorts; you are by no means limited to these questions during the interview.

Section 1 of your milestone report should include a series of generic questions that could be used within pretty much every organizational setting.  Questions should involve the following:

  1. General information about the organization’s IS infrastructure
    1. Number & type of network users (customers, suppliers, etc.)
    2. Key information assets
    3. In-house IT support, or outsourced?
    4. Type of networks (LAN, WAN, etc.)
    5. Types of communicative media and devices accommodated (wireless, Bluetooth, RFID, etc.)
  2. Security Policies and Procedures (Key policies and programs already in place)
    1. Pay particular attention to how security policies are implemented. Is management involved, for example in identifying key assets, best practices, etc.?
    2. How often are security audits performed?
    3. Reviewing and purging unnecessary applications from the network
    4. Handling new employees entering the company
    5. Handling employees leaving the company
    6. Policies for disclosing sensitive information to persons outside the company
  3. Access control systems
    1. Authentication methods
    2. Special access policies (e.g. password policies)
    3. Identifying which individuals have access to which systems and/or data
  4. Risk assessment procedures
    1. Preventative measures and systems
      1. IDS, firewalls, proxy servers, data encryption, etc.
    2. VPN availability
    3. Business continuity planning (including testing)
    4. Physical security
    5. Electronic monitoring
    6. Policies for removing laptops and/or computer equipment from the premises

Section 2 should include any other questions that are specific to your particular organization. In other words, this section should be unique to your organization, to the extent that it would be impossible to provide a list of concepts here. Despite the list of concepts for Section 1 above, you should spend quite a bit more time planning for Section 2.

NOTE:  This deliverable is a list of questions only… a “wish list,” if you will.  Do not provide answers to the questions in this deliverable.

Reasonable expectation: around 2-3 pages