IT Examiner School eBook May 2025

Procedure 18
Evaluate the institution’s use of encryption for sensitive institution and customer data at rest and in transit. Consider the following:
• Databases
• Mobile devices
• Email
• Back-up media and storage devices
• Transmissions with third parties
• Password databases


Baseline Cybersecurity Statements. Check if not met (x):
• All passwords are encrypted in storage and in transit
• Confidential data are encrypted when transmitted across public or untrusted networks (e.g., Internet)
• Mobile devices (e.g., laptops, tablets, and removable media) are encrypted if used to store confidential data
• Wireless network environments require security settings with strong encryption for authentication and transmission

Procedure 19
Determine whether adequate physical and environmental monitoring and controls exist. Consider the following:
• Access to equipment rooms (including telecommunication closets) limited to authorized personnel
• Adequate HVAC
• Alarms to detect fire, heat, smoke, and unauthorized physical access
• Computer/server rooms uncluttered and hazard free
• Sufficient uninterrupted power supplies (i.e., UPS)
• Presence of adequate fire suppression
• Protection of equipment from water damage
• Environmental sensors where needed (e.g., temperature, humidity, water)
• Security cameras

Baseline Cybersecurity Statements. Check if not met (x):
• The physical environment is monitored to detect potential unauthorized access
• Physical security controls are used to prevent unauthorized access to information systems and telecommunication systems
