Australian Information Security Management Conference

Document Type

Conference Proceeding


secau Security Research Centre, Edith Cowan University, Perth, Western Australia


Originally published in the Proceedings of the 9th Australian Information Security Management Conference, Edith Cowan University, Perth Western Australia, 5th -7th December, 2011


The more routine a task is we see the greater the need for a checklist. Even the smartest of us can forget where we parked our cars on returning from a long flight. So, the question is, why not create a straightforward checklist that will improve system management and security? In Information Technology operations, the vast majority of skilled people have re-built servers, but in an incident response situation, it can be unforgivable to overlook a serious security configuration simply because in the stress of the environment causes one to lose track of which stage they were on while being interrupted and multitasking. We show that the use of standard checklists and flowcharts created by the individual make for better results even in daily tasks. This paper presents the results of an experiment into the use of checklists by incident responders. It demonstrates how basic checklists can improve an organisation’s security.