Network Performance, Security and Reliability Assessment


Presented to: CLIENT NAME OMITTED
Drafted by: Verteks Consulting, Inc.
2102 SW 20th Place, Suite 602
Ocala, Fl 34474
352-401-0909

ASSESSMENT SCORECARD

Verteks Consulting has examined 114 aspects of your business technology operations. In order to clearly present the findings, we organize each area of investigation into four categories: Security, Productivity and Performance, Downtime Exposure and Manageability. The letter grades presented here were determined by using a weighted scale for each aspect based on its relative impact to your operations.

Assessment Scorecard
Security                      C
Productivity and Performance  C
Downtime Exposure             F
Manageability                 D

ASSESSMENT EXECUTIVE SUMMARY

Overall, our assessment found that your network lacks some of the security, reliability and performance most businesses demand from their IT systems. Based on our assessment, the current condition of your technology environment is primarily due to a lack of quality IT consulting and support, and secondarily due to some additional configuration changes required to establish the appropriate security and stability.

In every area we examined, we found major issues and concerns that we recommend addressing immediately. The most alarming concerns are the lack of redundant drives in some of your branch servers, the lack of appropriate share and folder permissions, the improper configuration of Active Directory Organizational Units, and Microsoft Exchange replication problems that result in a certificate error. These gaps go far beyond the normal weak passwords and other less serious concerns we find in many businesses.

Many of the issues we found can be addressed quickly by a trained and experienced IT engineer from Verteks Consulting. Additionally, an ongoing support relationship with Verteks will help alleviate the ongoing problems you've experienced and give you a local single-point-of-contact for all your IT support needs. Within the first few weeks of our service, we will come to understand your systems and needs in complete detail, enabling us to be an extension of your company and a true IT business partner.

We recommend immediately addressing the major concerns found by our assessment, including locking down your security, adding a data backup solution, and reconfiguring other systems so they work correctly. The results of our efforts will be a dramatic improvement in the security, reliability and performance of your computer network.

Confidential Network Assessment Verteks Consulting, Inc.

Data Preservation and Security Critical Concerns

Our network assessment noted several critical concerns in the areas of data preservation and security that need to be addressed immediately, including:

- Your vital business data is being backed up but is not being tested for correct restores. It is imperative that data can be restored and the procedure verified before an actual emergency occurs. The procedure to restore backed-up data needs to be tested and the results documented on a quarterly basis. Some regulatory agencies recommend that a monthly test restore be conducted and documented.
- Business-critical servers need to have drive redundancy configured in case of drive failure. Without redundant drives, there is the potential for large amounts of revenue loss due to the repair, reloading of the OS, reloading of the applications and the restoring of data from backup. Without redundant drives, you risk excessive downtime, which can result in lost revenue and an impact on business reputation as well. Currently, you have failed redundant drives on branch servers in at least 2 locations.
- UPS testing is not being conducted. It is imperative that the UPS systems are properly tested for battery life as well as inverter operation. The UPS should be tested on a quarterly basis and the results documented. Some regulatory agencies recommend that a monthly UPS test be conducted and documented.
- UPS communication software is not configured on servers. When UPS communication software is configured properly on the server, after being on battery power for a predetermined amount of time the server will be shut down in a controlled manner, preventing software corruption as well as preventing damage to hardware.
Productivity & Performance Critical Concerns

Our network assessment noted several critical concerns in the areas of productivity and performance that need to be addressed immediately, including:

- Group policies are not configured properly and share permissions are not standardized. Group policies enable one-to-many management of users and computers throughout the enterprise; they automate enforcement of IT policies, simplify administrative tasks and consistently implement security settings across the enterprise.
- Users have limited training concerning the Windows XP operating system. Verteks can provide on-site training for Windows operating systems as well as the Microsoft Office suite of products, resulting in greater efficiency for your users, improved customer service, and a reduced burden on in-house IT resources.

Downtime Exposure Critical Concerns

Our network assessment noted several critical concerns in the area of downtime exposure that need to be addressed immediately, including:

- The current IT service partner does not seem to have the technical expertise that your business requires. This can result in unnecessary risks and unplanned downtime as well as more downtime than necessary in critical situations.
- The current IT provider is extremely slow to respond to your needs. In the event of an urgent issue you need backup support immediately, helping you to restore your systems quickly to prevent loss of revenue and harm to your business reputation.
- Currently there is no redundant Internet failover testing procedure or documentation in place. With so many critical functions on the Internet, it's important that this vital link be regularly tested.

- There is no written disaster recovery procedure in place and there is no quarterly disaster recovery testing documented. Recovering your vital business systems and data in the event of a disaster is a time of great stress and anxiety; it's absolutely critical that you have a well-planned approach that has been tested. With proper planning you'll reduce the amount of downtime in the event of a disaster, and reduce the impact on your customers, your revenue and your business reputation.

Manageability Critical Concerns

Our network assessment noted several concerns in the area of manageability that we recommend addressing immediately, including:

- Organizational units and group policies are not configured correctly. Reconfiguring these important settings will result in improved security, easier system management, and faster resolution of issues related to OUs and GPOs.
- Too many users have administrative rights. This can be a warning sign in a regulatory audit, and can signal that applications have been set up improperly. Ideally IT security will be set up so that no user has full administrative access and that special administrative accounts are used when these activities take place. This way, when a former administrator leaves, it's much easier to quickly change security and lock out the prior user.
- There is no change order or hardware updating process in place. With a network that spans multiple locations and many users, it's important to have a systematic approach to asset retirement and replacement. This way, your business will get the most out of its IT equipment investments, and also have a more predictable capital expenditure budget.
- There are no server hardware service agreements in place. Having backup and/or warranty service on servers is especially important since an outage of one server will affect multiple (or possibly all) users. We recommend that servers have manufacturer support for hardware, and backup support from an IT services company if possible.
- Routers and switches have no firmware or system update plan in place. These devices are often left without updates for a significant time, resulting in weaker security and degraded performance. At least once each quarter these infrastructure components should be reviewed and updated to the latest firmware or software to keep the network at optimum health and performance.

CONCLUSION

Thank you for giving us the opportunity to review your IT infrastructure and complete this assessment. We're confident that the issues we found can be addressed quickly, resulting in improved security, better system management, increased performance, and greater productivity for your users. With some work from our experienced IT professionals, and your internal staff's input and support, we believe a substantial improvement can be gained in a short period of time.

Verteks Consulting 2102 SW 20th Place Suite 602 Ocala Fl, 34471 T: (352)401-0909 / (877)837-8357

Assessment Scorecard - Area 1: Security

Area 1: Security Scorecard Summary
Category            Weight  Score
Data Preservation   40%     3.8
Network Security    30%     5.0
System Security     30%     2.0
Compliance          0%      0.0
Weighted Average Score (0=low to 5=high): 3.64 / 73%
Overall Security Rating: C

Data Preservation (Pass / Fail)
- Backup system with offsite data portability functional X
- Adequate, current and supported backup software X
- Data centralized through roaming profiles/redirected folders X
- Backup software configured properly to backup company data X
- Backup software configured properly to backup system states X
- Backup software configured properly for notifications/reporting X
- Adequate media rotation including archive volumes X
- Offsite and offline storage of backup volumes X
- Adequate media capacity for data volume X
- Backup software configured properly to backup OS/Applications X
- Existing sample restoration routine processes X
- Availability of installation media X
- Daily review of backup notifications X
Data Preservation Rating (0=low to 5=high): 3.8

Network Security (Pass / Fail)
- Firewall hardware functional X
- Firewall configured with at least basic protection X
- Wireless system secured (if applicable) X
- Centrally managed antispam software available X
- Centrally managed antivirus software available X
- Antivirus software thoroughly deployed and updating X
- Antispam software thoroughly deployed and updating properly X
- Wireless system secured with VPN X
- Gateway-level antispyware system available, configured and updating X
- Gateway-level intrusion prevention system online, configured and updating X
- Password policies (complexity, history, expiration) X
Network Security Rating (0=low to 5=high): 5.0

System Security (Pass / Fail)
- File/share permissions for employee access control X
- Restrictions on confidential/proprietary data transmission X
- Server and server-based application updates current X
- Workstation OS updates current X
- RAID configured on all mission-critical servers X
- Adequate environmental facilities (AC, Power, etc) X
- Adequate UPS battery capacity for equipment X
- UPS Communication system installed X
- UPS Communication system configured X
- Existing UPS testing routine process X
System Security Rating (0=low to 5=high): 2.0

Compliance (Pass / Fail)
- Meets security compliance requirements (PCI/FINRA/HIPAA) - N/A X
Compliance Rating (0=low to 5=high): 0.0

Assessment Scorecard - Area 2: Productivity & Performance

Area 2: Productivity & Performance Scorecard Summary
Category                                     Weight  Score
System Performance                           30%     5.0
Leveraged Software Features                  10%     2.5
User Productivity                            30%     3.6
Remote Access Performance and Capabilities   30%     1.7
Weighted Average Score (0=low to 5=high): 3.32 / 66%
Overall Productivity & Performance Rating: C

System Performance (Pass / Fail)
- Server systems performing adequately X
- Network bandwidth Availability X
- Workstation systems performing adequately X
- Internet bandwidth Availability X
System Performance Rating (0=low to 5=high): 5.0

Leveraged Software Features (Pass / Fail)
- Roaming profiles in effect for all users X X
- Applications packaged for deployment through group policy & Active Directory X
- Distributed File System (DFS) configured X
- Volume Shadow Copy (VSC) configured and users trained X
- SharePoint Server configured and users trained X
- Calendar sharing configured and users trained X
- Public Folders configured and users trained X
Leveraged Software Features Rating (0=low to 5=high): 2.5

User Productivity (Pass / Fail)
- Antispam controls X
- Web content access controls X
- Operating system navigation fluency X X
- Office system fluency X X
- Remote Access tool fluency X
User Productivity Rating (0=low to 5=high): 3.6

Remote Access Performance and Capabilities (Pass / Fail)
- Secure access to systems remotely for all authorized users X
- Smart Phone capabilities for all appropriate personnel X
- Dual factor authentication for remote access X
Remote Access Capabilities Rating (0=low to 5=high): 1.7

Assessment Scorecard - Area 3: Downtime Exposure

Area 3: Downtime Exposure Scorecard Summary
Category                  Weight  Score
System Support Quality    25%     0.0
System Repairability      25%     4.0
System Resilience         20%     1.7
Disaster Recoverability   30%     0.0
Weighted Average Score (0=low to 5=high): 1.33 / 27%
Overall Downtime Exposure Rating: F

System Support Quality (Pass / Fail)
- Provider skill level adequate X
- Provider responsiveness adequate X
- Provider monitoring vital systems continuously and receiving alerts X
- After hours support available X
System Support Quality Rating (0=low to 5=high): 0.0

System Repairability (Pass / Fail)
- Warranties current for vital hardware products X
- Support contracts current for vital software packages X
- Documentation current and available X
- OS/Application installation media available X
- Spare Workstation(s) configured X
System Repairability Features Rating (0=low to 5=high): 4.0

System Resilience (Pass / Fail)
- Vital system hardware stability adequate X
- Vital Operating Systems stability adequate X
- Vital applications stability adequate X
- Servers configured and cabled for network switch failure resiliency X
- Redundant authentication server available X
- Redundant Internet circuit available & configured for auto-failover X
- Redundant gateway hardware available & configured for auto-failover X
- Periodic Internet failover & gateway hardware failover testing performed X
- Redundant messaging services available & configured for auto-failover X
- Redundant file share services available & configured for auto-failover X
- Redundant remote access services available & configured for auto-failover X
- Periodic testing performed of messaging, file share & remote access failover X
System Resilience Rating (0=low to 5=high): 1.7

Disaster Recoverability (Pass / Fail)
- Offsite company data possible to meet Recovery Point Objective X
- Company data recovery possible within Recovery Time Objective X
- Vital systems capable of service restoration within Recovery Time Objective X
- Remote access to systems possible within Recovery Time Objective X
- Recovery instructions documented X
- Remote access instructions developed for staff X
- Staff trained on disaster recovery system access procedures X
- Periodic site outage testing performed routinely X
Disaster Recoverability Rating (0=low to 5=high): 0.0

Assessment Scorecard - Area 4: Manageability

Area 4: Manageability Scorecard Summary
Category                      Weight  Score
Workstation/User Management   35%     2.8
Patch Management              35%     3.8
Administrative Tools          20%     1.7
Financial Management          10%     3.0
Weighted Average Score (0=low to 5=high): 2.92 / 58%
Overall Manageability Rating: D

Workstation/User Management (Pass / Fail)
- Issue management/ticketing system established X
- Workstation images created X
- Applications packaged X
- DHCP on all appropriate computers X
- Organizational Units (OUs) configured for departments and roles X
- Application/Interface access limitations set through Group Policies X
- User-based web content filtering system in place X
- Administrator rights removed for users X
- Data centralized through roaming profiles/redirected folders X
Workstation/User Management Rating (0=low to 5=high): 2.8

Patch Management (Pass / Fail)
- Automated workstation update system configured (WSUS) X
- Automated workstation update system functioning X
- Server updating processes established with change windows X
- Network hardware updating processes established with change windows X
Patch Management Rating (0=low to 5=high): 3.8

Administrative Tools (Pass / Fail)
- Centralized antivirus console X
- Centralized backup management X
- Remote interface control support tools X
- Remote KVM X
- Remote power supply access X
- Automated system down/impending failure monitoring and alerting X
Administrative Tools Rating (0=low to 5=high): 1.7

Financial Management (Pass / Fail)
- IT budget planning X
- Automated hardware and software inventory system X
- Software support & maintenance renewals X
- Hardware warranty management X
- Service contract negotiation X
Financial Management Features Rating (0=low to 5=high): 3.0