IT infrastructure head is responsible for most of the aspects in the IT organizations. After complete six months of my resignation I am enquired by Anti Forgery Wing of EFGH Police for some information. Some of them are generic but some are very specific. Hence I am enclosing the samples of such questions which is asked to me. Trust It will help all the security guys to incorporate some of the standard in their procedure and policies. Documentation has key role in the security.
What was the security system pertaining to software developed by company?
Who was the team incharge of software XYZ?
Whether there was any facility of writing copings, burning the software or any data in any format in the company. If yes, now it was possible, who were having such facilities?
Who was the incharge of IT Wing and to whom he was reported for his day to day work.
- How many times CDs were burned of the said software. Whether any written permission was required for the same. In whom presence the same, were burnt and for what purposes. In whom custody the same were kept. From where the above said record can be available at present.
- Whether there was any stock register/ record maintained at company for the property of company software as well as other corporeal property. What was the procedure to obtain the said goods from stock, if required to anyone?
- Name the persons in whom custody the whole stock of the company was kept?
- Whether any CDs of the source code of XYZ were handed over to ABCD. If yes, for what purpose and when. Whether he had returned the same or not. Who had permitted for the same? Whether any written letter was given to him to return the same.
- What was the system of company functioning of day-to-day work, engaged in the development to the said software? Where the day-to-day work was kept.
- Whether ABCD has knowledge of the security codes of the source codes or not?
- Whether the same were easily accessible to him or not.
- Whether company had detected/found ABCD, in the activity of copies of the software XYZ or other intellectual property of the company.
- Whether company has given any Laptop to his employees or not? If yes, what was the configuration and for what purpose of the same was given.
- What was procedure of the installation of the software XYZ in USA. Whether the same was transferred on the format of CD/Hard Disc or otherwise.
- If any buy was notice at the time of installation how the same was removed.
- Whether ABCD had asked for any confidential data code pertaining to said software. If yes, for what purpose? Whether any written submission or approval was held in this regard.
- Whether you had came to know about any incident in which company detected/found ABCDfor stealing/copying the software or otherwise.
- How many total numbers of CDs were prepared of the said software. In whom custody the same were kept. Whether the same were according to the stock registered maintained at office at the time of leaving having the company.
- Whether any entry was made in record at the time of taking the same or not.
- Who was the authority or whom orders were required to get any information pertaining to said software.
- Whether ABCD was technically capable to handle/charge/to make alteration in the source code version of the said software.
- What type of a person is ABCD. Whether you had detected any slackness was in his working, during the period of March to June 2004. Whether any curtailment was notices in the responsibilities or work of Mr. ABCD or he was entrusted addition work.
- Whether you had visited USA for installation purpose of the said software. If yes who were your other associates. Who was the incharge. Whether you had noticed slackness was in the work of the Mr. ABCD , whether Mr. ABCD was carried laptop of not. If yes, for what purposes the same was given to him.
- Whether Mr. ABCD had desktop or not.
- What was the security system pertaining to the stock of company.
- As per your personal knowledge for what purpose Mr. Naik was called for in MLNOPQRS. Whether his visit was official or personal. Whether any presentation was held in this regard.
- Whether you have heard any instance in which you found that Mr. ABCD had misappropriated/misuse the said software after his personal benefit.
- Whether you have heard, any legal action was initiated against the any former employee of the company after his leaving the company.
- Whether the alleged software was given to any employee as CD format or not for verification purpose.
- What was the system procedure by which any modification in the said software if required?
- Any other information, which can assist in the investigation.