Do any of the firewalls (internal or external) have rules that permit ‘any’ network, subnetwork, host, protocol or port?
Are all available high-risk security patches for network devices applied and verified?
Do you have policies and procedures for the configuration and implementation of the wireless network environment perimeter and for the restriction of unauthorized wireless traffic?
A.13.2.2 Agreements on Information transfer
Do contracts with external parties and agreements within the Organization detail the requirements for securing business information in transfer?
A.13.2.3 Electronic Messaging
Is there a policy in place for the acceptable use of email, instant messaging and other electronic communications?
A.13.2.4 Confidentiality or Non-disclosure agreements
Do employees, contractors and third-party users sign confidentiality or non-disclosure agreements?
Are these agreements subject to regular review?
Are records of the agreements maintained?
A.13.1.3 Segregation in Networks
Has the network been segregated appropriately to facilitate effective information security?
A.13.2.1 Information Transfer policies and procedures
Do organizational policies govern how information is transferred?