Most network administrators keep some sort of checklist and periodically check that all the items on it are in working order and operating the way they are intended to. In fact, anyone in the “security” business will have such a list if that is their major job responsibility. The world of IT, however, adds a few layers to the “is the place safe from someone breaking in?” question. A double lock on the front door, or a few keypads on the way there, is fine against the foot-traffic break-in, but for the true “hack” you had better start by knowing a few terms like “encryption”, “backdoor”, “redundant” and a few more. When meeting with clients about their online look, I have my standard questions on what their expectations are from the site, as well as how many folks they think will show up, etc. Most of these have been around for a while. But with network security you really need to think outside the box at times, and abstract thinking is where the barriers will come from to protect the assets from the bad guys.
The list provided here at jdsupra.com is a good start. There are a few more we add to the mix, but the answers may not come as easily. It may mean anything from a change to hiring policies in a number of areas of your organization to a complete overhaul in areas you thought were secure. It is also important to remember that you will and should be asking these questions on a pretty routine and frequent basis as technology improves in this area, and it's usually because the guys and gals who break in have perfected a hack or exploited a vulnerability. All of this is what makes that IT Security person a challenge to hire and often to keep.