You decide to prepare a security checklist for Personal Trainer. Prepare a list of security issues that the firm should evaluate and monitor. Be sure to organize the items into categories that match the six security levels.

What will be an ideal response?

---

Answers will vary. Instructors can refer to the list of issues in Question 9. In addition, a company might use the following checklist to assess security and prepare for future security threats and problems:

Physical Security Issues
• Computer room security
Biometric scanning systems
Motion sensors
• Servers and desktop computers
Keystroke loggers
Tamper-evident cases
BIOS-level passwords; boot-level passwords; power-on passwords
• Mobile devices
Universal Security Slot (USS)
Tracking software
Stringent password requirements
Account lockout thresholds

Network Security Issues
• Encrypting network traffic
Encryption vs. plain text
Public key encryption
• Wi-Fi Protected Access (WPA)
Wired Equivalent Privacy (WEP)
Private networks
Tunnels
Virtual private networks
• Ports and services
Destination ports
Services
Port scans
Denial of service attacks
Firewalls
Protocols that control traffic

Application Security Issues
Services
Security holes
Permissions
Input validation
Patches and updates

File Security Issues
Permissions
User groups

User Security Issues
Identity management
Password protection
Social engineering
User resistance

Procedural Security
Establish clear managerial policies and controls.
Build a corporate culture that stresses security.
Define how particular tasks are to be performed.
Stress employee responsibility for security.
Guard against dumpster diving.
Use paper shredders and instruct employees as to when, why, and how they are used.
Develop a system of classification levels and communicate it effectively.
?