Network Audit
The network audit has been designed to identify business risk within your organisation and the measures deployed to mitigate that risk. Focusing on common issues, the report will highlight risk management recommendations specifically for your environment by taking into consideration the existing technology deployed and its effectiveness within the business.
Our aim is to assist you to establish proven processes that mitigate risk, allowing your business to be more proactive, and respond more efficiently and consistently when needed. The recommendations provided are designed to move you along a path toward recognised best practices.
Analysis Considerations
These are the broad areas included in the analysis.
Business Risk Profile
Understanding how the nature of your business affects risk is important in determining where to apply resources in order to help mitigate those risks. Recognizing critical areas of business risk will help you to optimize allocation of your IT budget.
Perimeter Defense
Perimeter defense addresses security at network borders, where your internal network connects to the outside world. This constitutes your first line of defense against intruders.
Authentication
Rigorous authentication procedures for users, administrators, and remote users help to ensure that outsiders do not gain unauthorized access to the network through the use of local or remote attacks.
Management & Monitoring
Management, monitoring, and proper logging are critical to maintaining and analysing IT environments. Creating a baseline of ‘normal’ network operation and using these tools are even more important after an attack has occurred and incident analysis is required.
Deployment & Use
When business-critical applications are deployed in production, the security and availability of those applications and servers must be ensured. Continued maintenance is essential to help ensure that security bugs are patched and that new vulnerabilities are not introduced into the environment.
Application Design
Design that does not properly address security mechanisms such as authentication, authorization, and data validation can allow attackers to exploit security vulnerabilities and thereby gain access to sensitive information.
Data Storage & Communications
The integrity and confidentiality of data are among the greatest concerns for any business. Data loss or theft can hurt an organization's revenue as well as its reputation. It is important to understand how applications handle business-critical data and how that data is protected.
Environment
The security of an organization is dependent on the operational procedures, processes and guidelines that are applied to the environment. They can enhance the security of an organization by including more than just technology defenses. Accurate environment documentation and guidelines are critical to the operations team's ability to support and maintain the security of the environment.
Security Policy
Corporate security policy refers to individual policies and guidelines that exist to govern the secure and appropriate use of technology and processes within the organization. This area covers policies to address all types of security, such as user, system, and data.
Patch & Update Management
Good management of patches and updates is important to securing an organization's IT environment. The timely application of patches and updates is necessary to help protect against known and exploitable vulnerabilities.
Backup and Recovery
Data backup and recovery is essential to maintaining business continuity in the event of a disaster or hardware/software failure. Lack of appropriate backup and recovery procedures could lead to significant loss of data and productivity.
Requirements & Assessments
Business and security requirements should be understood by all decision makers so that both their technical and business decisions enhance security rather than conflict with it. Regular assessments by a third party can help a company review, evaluate, and identify areas for improvement.
Policies and Procedures
Clear, practical procedures for managing relationships with vendors and partners can help limit your company's exposure to risk. Procedures covering employee hiring and termination can help protect your company from unscrupulous or disgruntled employees.
Training & Awareness
Employees should be trained and made aware of how security applies to their daily job activities so that they do not inadvertently expose their company to greater risks.