Press Release – Urs+Nahum’s Security Checklist

by Urs E. Gattiker on 2007/05/28

You can download this document as a pdf file here:

You can find the German version of this press release here:

More of our press releases can be found here: CyTRAP Labs – press releases

Zurich/Ottawa, May 30, 2007 – The newly released Urs+Nahum’s Security Checklist (1st Edition) published by CyTRAP Labs offers corporate directors, CxOs, managers and technical experts a powerful reference tool that improves risk management and legal compliance. The White Paper addresses these issues in easy‑to‑understand language, helping financial institutions, government organizations, SMEs and trading corporations to achieve best practices for securing and safeguarding strategically important assets, data and information.

As Dr. Urs E. Gattiker from CyTRAP Labs explains, the idea of the checklist grew out of the authors’ extensive business and security experience working with SMEs and financial institutions on both sides of the Atlantic. The Checklist provides corporate executives, as well as financial and technical managers and personnel, with a pragmatic map for action. At its heart is a rated list of practical security procedures specified by the most stringent financial and government regulations from around the globe. These procedures strengthen corporate IT defenses, ascertain internal controls and facilitate the corporate board’s assessment of the IT security threats that could jeopardize strategic business objectives.

Urs+Nahum’s Security Checklist is an especially handy tool for documenting and auditing the IT security procedures that are reported to shareholders and regulators. Such auditing is typically required by the new business accountability legislation, such as the Sarbanes‑Oxley Act (USA), the realignment of the Swiss CO – Art 727 CO: (Art 728a Para 1 Nr. 3 CO), or KonTraG (Germany). The action items listed in the Checklist are mainly based on a dozen comprehensive laws, standards and regulations published by the world’s leading regulatory bodies, as well as top security guides, handbooks and critical publications on the subject.

_How Does it Work?_

Urs+Nahum’s Security Checklist is published both electronically, which facilitates searching, and as a hardcover document that can be used in a reference library.

To keep information safe and secure, organizations must address 5 key areas of concern:

1. Put in place and enforce policies that follow best security and risk management practices

2. Properly configure information assets and minimize attacks from internal and external sources

3. Take stock, scale down data and dispose of it properly

4. Provide critical incident response, alarms and continuity management

5. Conduct periodic external audits

Urs+Nahum’s Security Checklist addresses the above five areas and relates them to various:

– Laws (e.g., Sarbanes-Oxley, PIPEDA), standards (e.g., ISO17779);

– Codes of practice (e.g., COBIT, EBIOS, BSI IT baseline protection manual);

– Guidelines (e.g., for Internet and e-mail surveillance at work at public and private sector enterprises); and

– Best practices

By looking at these issues from a global perspective (including Australia, Canada, France, the European Union, Germany, the UK, the USA and Switzerland), the checklist allows organizations to benchmark their corporate efforts against the most stringent and forward-looking legislative and standardization efforts in the world.


Urs E. Gattiker, Chief Technology Officer and Founder of CyTRAP Labs, points out that:

“The Checklist provides managers and board members with the insights regarding targeted compliance and security interventions that can improve risk management without compromising revenue growth or profitability … These are really low-hanging fruits, the measures that should be tried first”.

“Urs+Nahum’s Security Checklist allows executives and experts to exercise sound judgement and come to sensible decisions. The Checklist is enabling organizations to adopt local best‑practice codes, regulation and standards, while benchmarking themselves against critical global standards and regulations”.

“The Checklist follows a ‘comply-or-explain’ approach that should help improve transparency regarding internal control systems, compliance and information security, thereby leading to better corporate governance”.


Urs E. Gattiker, Ph.D.
Roentgenstrasse 49
8005 Zurich
+41 (0)44 272 – 1876
+41 (0)76 200 – 7778 (mobile)
Urs+Nahum-Checklist at

Notes for Editors

1. The White Paper is available from

It includes the background materials for the checklist, the relevant statutory provisions, regulatory requirements contravened, and the factors taken into account when working to achieve compliance.

2. The work may be cited as follows:

Gattiker, Urs E. and Goldmann, Nahum – Urs+Nahum’s Security Checklist [online]. A comprehensive rated checklist of comparative security metrics for Small and Medium Enterprises (SMEs). – [May 21, 2007]. – Published in Zurich & Lethbridge (Alberta) by CyTRAP Labs – Access: <> ISBN 978-0-9783768-0-2

About Urs E. Gattiker

Urs E. Gattiker is founder and chief technology officer of:

CyTRAP Labs – making firms more secure & profitable (what others write about CyTRAP Labs), and – an information security portal and early warning system for SMEs and home-users – providing information about active zero-day vulnerabilities and security guides

Dr. Gattiker was professor of computing and innovation management at the Stanford Center for Organization Research – Stanford University, Melbourne Business School, School of Engineering – Aalborg University (Denmark), as well as ISNM – Univ. of Luebeck (Germany). He has published several books and many articles and White Papers on security and compliance issues.

About Nahum Goldmann

Nahum Goldmann, President of ARRAY Development, is a leading expert and a renowned lecturer on building and securing ebanking and ecommerce, procurement, financial and governance solutions, as well as regulatory and government policy issues. He has extensive knowledge of ebanking and ecommerce environments and of government practices in the transactional delivery of financial and administrative services, as well as business transformation services and process reengineering of financial institutions and government organizations. Mr. Goldmann is considered to be a pioneer in the area of conceptualizing Extranet Business and Payment Communities and developing business vision, transactional costing, security environment and functional specifications for such communities.
