Do you use network forensics tools that record packets passing through the organization’s Internet network boundaries and other organizationally defined boundaries?
Do you enforce port and protocol compliance?
Do you deploy specific, organizationally defined boundary protections?
Does the organization's policy prohibit employees from posting ‘s data onto publicly accessible websites?
Does the company encrypt ‘s data at rest? If not, do you employ different mechanisms to achieve confidentiality protection?
Does the system monitor and manage communications at the system boundary and at key internal boundaries within the system?
Has the company identified network communications boundaries?
Do policies exist for managed interfaces such as gateways, routers, firewalls, VPNs, and company DMZs that restrict external web traffic to only designated servers? Are they adequate to meet the needs of the company?