IT Assessment
Comprehensive IT Assessment Overview
- Gather input from department managers
- Review all IT systems for inventory, security, backup, and reliability purposes
- Review IT policies and procedures and the disaster recovery plan, and make recommendations
- Evaluate overall efficiency of IT system design and workflow
- Identify and prioritize critical areas of concern and recommended improvements
- Provide budgetary estimates and solution planning for execution of recommendations
- Prepare a comprehensive report of findings and meet with key school staff to document and plan strategy
Benefits
Gathering detailed information on every discovered asset, including those not physically connected to the network, is a time-consuming process for any IT professional. Additionally, the ability to identify all risks from misconfigurations, network vulnerabilities and user threats is often unobtainable for most, yet it is extremely valuable information to have. Finding a way to gather this information across all environments, from on premises, to remote, to cloud, to work from home, requires a great deal of knowledge and experience. This is why having a team of engineers with the training and toolset to accomplish this is the only way to get that information.
Qualification Questions
Is server desktop network assessment required? If so, how many sites?
Is infrastructure cabling site survey required? If so, how many local sites?
Review of the existing Internet Service Provider (ISP) services, including WAN contract. If needed, Customer can engage Provider for Vendor Management and Selection of new ISP service(s).
Is telecom and communications assessment required? If so, how many circuits?
Is application assessment required? If so, how many applications?
Is MS cloud assessment required? If so, how many cloud services?
Is CJIS compliance assessment required?
Do you need to review placements of your security cameras?
Is external vulnerability assessment required? If so, how many assessments?
Is setup for internal vulnerability assessment required? If so, how many sites?
Do you only need an external vulnerability scan?
Is recurring quarterly scan with automated reporting yearly service required? If so, how many 4 quarterly scans?
Is internal vulnerability assessment required? If so, how many connected sites?
Is wireless planning required? If so, how many floors?
Is wireless heat map assessment required? If so, how many floors?
Is physical onsite review required? If so, how many days?
Is hardware assessment and review required? If so, how many 10 devices sites?
Is Exchange or Exchange Online required? If so, how many Exchange servers or O365 tenants?
Is SQL Server health scan required? If so, how many SQL servers?
Is IT planning and recommendations required? If so, how many assessments?
Is external vulnerability assessment with automated pen testing scripts required? If so, how many scheduled scans?
Is penetration testing required? If so, how many 10 methods tested?
Is networking device health check required? If so, how many hardware devices?
Is network documentation required? If so, how many devices?
Example Project Plan
Implementation
- Session 1
- Connect to Customer server via downloaded tool
- Copy the pre scan and auditing toolset to Customer server
- Run the pre scan tool. This makes sure that the environment is able to run an audit. Most of the time, the pre scan tool gives the OK to run the scan.
- If the pre scan results show the scan can be run, then Step Two (Session 2) will begin at that time
- Session 2
- Run the auditing toolset on Customer’s Primary Domain Controller. This will gather items like Machine Inventory, Machine Health, Network Health, Machine Vulnerabilities, fileshares, permissions, group policy details, and user behavior. IT will not access any data directly on any machine or network location. (Timing is solely based on what the tool finds, number of devices, speed of those devices, users logged in, and internet speed.)
- Run the auditing toolset on Customer’s Email System. This will gather items like mailbox count/size, distribution groups, shared mailbox count/size/permissions, traffic report, and public folder details.
- Session 3
- Copy the auditing toolset export from Customer servers for processing
- External Scan and Reports Generation
- Run the External Vulnerabilities Scan. This is where Customer’s external IP addresses come into play. This is used to verify there are no unexpected open ports or known threats/vulnerabilities.
- Any firewall settings associated with disabling port scan are turned off for an 8 hr window
- This will be done via a toolset that resides outside your location. This is to determine if there are any vulnerabilities that can be exploited in a malicious attack.
Validation
- Report Generation and Audit Analysis
- Asset and Findings Reports are generated. The audit finding details and External Vulnerabilities Scan results are reviewed to determine the overall health of your environment and create a management plan for remediation of issues found.
Discovery
- Environment Discovery
- Identify if Group Policy Updates are required
- Identify if restarting of workstations and laptops will be required to perform the scan
- Confirm Firewall settings associated with disabling port scan are turned off
- Gather Required Environment Details
- Access to the devices being audited (Using centralized management if available)
- Related device admin credentials. A dedicated username for the scan will allow us to separate our toolset's interaction from that of other users.
- All subnets used across all locations (assistance can be provided to gather these details if you don’t have them)
- Review existing camera positioning and identify positioning for new cameras to improve coverage
- Determine length of all necessary cable runs to support new cameras
- Review new internal and/or external camera locations to ensure obstructions are accounted for
- Create statement of work based on findings of the on site assessment
Closing
- Project Deliverables
- Server/Network/Databases/Security Scan Reporting
- Each scan will include a score to show what meets best practices versus needs attention
- After reviewing the data, we provide electronic files for each type of scan with details of findings
Last modified
December 20, 2022