For many companies, the minimum standard when undertaking a project like this is to use
a set of tools, most of which start with a checklist analysis. This tool is used to identify
the many risks that could occur during the project. Most companies’ checklists cover
procedures, items, and/or activities. The checklist is then reviewed against a set of criteria
to make sure the methods on it will operate efficiently. While there are numerous ways to
conduct checklist analysis, I feel the best and quickest method is to use a checklist. In the
current situation, a configuration checklist for a CA server has been made available, and we
have been asked to analyze particular areas of the checklist to verify that it has all the
elements needed for a CA server. Given the age of the checklist, our supervisor decided to
prioritize three items and wants our opinion as Security Analysts on the matter. I am going to
examine the checklist and identify a minimum of two items that will need to be updated;
following that, I will determine whether the checklist is suitable for meeting any requirements
that are outlined.

While reading the controls overview section of the current checklist, it became apparent
that the entirety of the IT department is responsible for all controls at this time. From my
personal standpoint, I believe that the IT department should be supervising some of the
controls, like transport layer security and selecting accounts required for support, but I
believe everything is asking a lot. I believe that the section labeled PART B should be altered;
it states that the IT department is responsible for the selection of information systems and
for identifying who’s accountable for administration and maintenance as well. IT should choose
the information system; I don’t believe they need entire control over who’s in charge and the
maintenance. I