TeleLab Project - IT Security Questionnaire

Dear Madam or Sir,

This survey is conducted under the Tele-Lab project, which is funded by the European Union via the Leonardo da Vinci - Transfer of Innovation (TOI) programme. The partners are:

Vilnius Gediminas Technical University (Lithuania) - www.vgtu.lt
nSoft (Lithuania) - www.nsoft.lt
University of Potsdam, Hasso-Plattner-Institut (Germany) - www.hpi.uni-potsdam.de
Amalgama Information Management Ltd (Cyprus) - www.aimcy.eu

The project aims to transfer the Tele-Lab system (www.tele-lab.org) to other universities and to enhance the curricula for IT Security subjects, especially within the framework of virtual IT Security laboratories.

This questionnaire addresses university students, lecturers and also private sector companies that have IT staff and attend to issues of IT security. Our goal is to record the major IT security issues based on your answers. We will analyze your answers and use the analysis to improve students' knowledge regarding the learning process of IT security-related subjects.

There are 26 simple questions in this questionnaire and it is expected to take a few minutes of your time. For further information regarding Tele-Lab, please visit www.tele-lab.org, or ask the project's partners.

Thank you for taking the time to reply!
The survey results are available only to the survey author.

1. To which sector do you belong?

2. Where are you working / studying?

3. Are you working / studying in the IT sector?

4. Are you aware whether your institution has a formal, documented security policy?

If "No", please skip questions 5 - 7 and continue at 8. Thank you.

5. Have you read and understood the security policy?

6. Has your institution documented in any way that you have read and understood the security policy? (e.g.: a signed document)

7. Does your institution’s policy make it clear that you may be held accountable for your actions, in case your actions (or inactions) violate your institution’s IT security policies?

8. Do the systems you use in your institution have automatic logoff and/or automatic lock capabilities to terminate a session or lock the application or device after a predetermined time of inactivity (e.g. screensaver lock)?

9. Does your institution require you to use a password(s) to access all your user/system accounts?

10. How is a password change requested?

11. Regarding antivirus / anti-spyware protection, are the systems that you use (either personal or your institution's) protected by antivirus / anti-spyware software package(s) on each desktop and laptop?

12. Are the systems you use protected from virus infections that arrive via Instant Messaging clients (e.g. MSN/Windows Live Messenger, Yahoo! Messenger, Google Talk, etc.)?

13. Have you been trained or advised by your institution to recognize fraudulent attempts to obtain information and to report them to the appropriate authorities or staff? “Fraudulent attempts” can take the form of “social engineering”, for example: an outside entity posing as an IT staffer on the phone in order to get a password from a user. If you haven’t been trained/advised by your institution, are you alert enough to anticipate such cases?

14. Are the systems you use in your institution protected by a firewall? Do you use a personal firewall for your personal system(s) as well?

15. If the systems you use in your institution provide you this option, do you understand when to block and when not to block alerts of applications trying to access sensitive resources (e.g.: alerts from Microsoft Windows or similar software firewall)?

16. Has your institution ever experienced a security breach to your institution's computer systems?

17. Please explain the steps taken to prevent future security breaches to your institution's computer systems.

18. When a member of your personnel leaves the company (or when the work/task contract of an outside entity ends), does your company ensure that:

19. Has your institution implemented procedures to control and validate a person’s access to facilities based on their role or function, including visitor control and control of access to software programs for testing and revision?

20. Does your company use a local Intrusion Detection System(s) (IDS) and/or a local Intrusion Prevention System(s) (IPS)?

21. Are you aware whether unnecessary services are running on your company’s systems?

22. Does your institution screen (this may include background checks, CV and references verification, criminal records, etc.) all employees before they are hired (as well as contractors and third-party users), especially when they will be asked to perform sensitive jobs?

23. What services does your institution expose to the internet?

24. Does your institution perform backups of computer systems and data?

25. On what medium do you think the backup should be stored for maximum security?

26. What do you think is the biggest risk for IT security?