Get a 360-degree view of implemented controls
IT infrastructure assessment is required from time to time as an input to decision making – for strategic investments in technologies or for process improvement and optimisation. Organisations engage external parties to do health-checks and assessments for an independent opinion. Typical assessments are generally conducted in the following major phases:
1. Survey and Data Gathering
2. Documentation and Assessment of the Infrastructure
3. Gap Analysis vis-à-vis good practices
4. Recommendations for improvement, configuration changes etc.
5. Presentation of findings, reports; and workshops.
Based on the maturity level, and business requirements (gathered during interviews), we make recommendations or highlight areas which require attention – whether configuration changes, upgrades or a complete overhaul of the systems in question. These recommendations will be guided by good practices, taking into consideration latest technologies and security enhancements, for the overall improvement of IT services.
Recommendations will be made in alignment with enterprise architecture, if a formal definition exists in the organisation; if not, these recommendations will be conducive for such a design in the future. In addition to various documents, we also produce engaging infographics as a part of deliverables.
A typical assessment covers more than 25 areas including:
- Services and Applications
- Data Centres / Locations
- System Infrastructure
- Network Infrastructure
- Wireless Infrastructure
- Virtualisation Infrastructure
- Storage and Backup Infrastructure
- Printers and Peripherals
- Communication Lines
- Access Control and CCTV
- Audio/Video Infrastructure
- Security Infrastructure
HOW WE CONDUCT AN ASSESSMENT
Survey & Data Gathering
Consultants will examine all the components in the IT infrastructure and acquire data by:
* Physical survey of data centres
* Interviews with IT staff
* Inspection of systems, configuration data, etc.
All the details collected will be collated and documented. Work products in this phase include:
– Documentation of servers, networks, applications, services, etc.
– Topology and connectivity diagrams
– Server and equipment lists.
Adequacy of controls will be tested against:
* Controls based on standards (PCI-DSS / ISO27001)
* Test nearly controls in various security domains
* Technology assessment: using VA tools
Summary and detailed reports will be compiled that will show the present state of security in the organisation.
Based on the assessment and business requirements, recommendations will be made, which:
– Highlight areas which require immediate action
– Configuration changes or upgrades to systems
– Implementation of controls hitherto not implemented
The assessment will culminate in:
* Presentation of findings
* Discussion of recommendations
* Workshop with tech and admin teams
Summary and detailed reports on the state of security pointing out adequacy of controls implemented.
Gap Analysis Report
Gap analysis against established standards such as ISO27001, PCI etc.
Asset inventory: servers, storage, backup, network equipment, cloud assets.
Diagrams & Infographics
Network connectivity and topology diagrams, traffic flow diagrams, etc.