Examples of controls to reduce the risks of data loss, unauthorized access, and unavailable systems:

- Access to sensitive and critical data is limited through user identifications and passwords. Each user is assigned an appropriate access level.
- User access is terminated when the employee leaves.
- Passwords are not shared.
- Passwords are periodically changed.
- The system limits the number of unsuccessful password attempts.
- Servers are protected from unauthorized physical access and environmental damage (fire, water, etc.).
- Critical data is backed up daily, with backup stored off-site.
- Servers are connected to an uninterruptible power supply system.
- Each computer has up-to-date virus protection software.
- Operating systems are updated for current security patches and applications are configured for security. System administrator access is limited to a few persons.
- The unit has developed and tested a continuity plan in the event of disaster or computer failure. The plan includes a complete inventory of equipment and software, as well as detailed instructions for recovery.