Network Assessments

Get a comprehensive overview of your network’s health and performance

 

IT Risk Managers uses the Benchmark Assessment methodology, based on a combination of regulatory, industry, and manufacturer best practice guidelines. The assessment employs a combination of staff interviews, document reviews, configuration reviews, direct observations, and internal and external vulnerability scannings.

IT Assessment Areas

  • Physical Assessment – Assess the physical environment and security of the primary data facilities and associated wiring closets (i.e., access control, electrical power supply, fire suppression, equipment mounting, wiring)
  • IT Organizational Controls Assessment – Conduct interviews with key staff and review policy, process, procedure, and control documentation (i.e., user and access policies, support logs, maintenance and testing logs, operating procedures and manuals, staff responsibilities)
  • Network Configuration and Security Assessment (LAN) – Review and assess local and wide area network infrastructure configuration and implementation (i.e., network diagram, equipment inventory, configuration files, access security)
  • Servers and Services – Review and assess production server environment configuration, operation, and security (i.e., operating systems, physical equipment, installed application and services inventory, licensing, general configuration, virtual environment, antivirus/malware protection, storage)
  • User Device Security – Review end-user environment configuration and security (i.e., vulnerability scanning, antivirus/malware protection, configuration, user rights and security)
  • Perimeter Controls – Review internal and external network segregation, firewall configuration, branch office/satellite location connectivity, user remote access/VPN configuration, and policies
  • External Risk Assessment – Conduct vulnerability scanning of external network points of access
  • Disaster Recovery and Business Continuity Assessment – Review disaster recovery and business continuity plans and associated documentation, and assess data backup systems and services