Pau Lo
asked on
Workstation/Endpoint Audit
First off, can anyone tell me what an "endpoint" is, and how it differs from a desktop/laptop. And how does a "workstation" differ from a desktop/laptop.
Secondly, what should.could be included in a workstation/endpoint "IT Audit", what key issues need to be reviewed at desktop/workstation/endpoi nt level, i.e key risks, management issues, operation issues etc. Corporately we have over 5000 "desktops" all currently XP latest SP, and several hundred "laptops" (again XP). Security is one issue we want to address but there must be many others.
Secondly, what should.could be included in a workstation/endpoint "IT Audit", what key issues need to be reviewed at desktop/workstation/endpoi
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
the first 2 would not normally apply to desktop/laptops, more the back-end services & servers.
Risk assessment would be looking at password policy, security of the area where the systems are, level of security used to access systems such as swipe cards, secure memory keys, biometrics, how easy is it to get to your data or onto your network. It can really depend on if you are doing this yourself, or an external entity is doing it on behalf of your company.
External security would cover physical building and IT server room access, firewall and internet services, remote access/VPN services etc.
External Services would be other communication links, phone/VOIP lines, mobile/Blackberry access, internet and other such facilities.
Risk assessment would be looking at password policy, security of the area where the systems are, level of security used to access systems such as swipe cards, secure memory keys, biometrics, how easy is it to get to your data or onto your network. It can really depend on if you are doing this yourself, or an external entity is doing it on behalf of your company.
External security would cover physical building and IT server room access, firewall and internet services, remote access/VPN services etc.
External Services would be other communication links, phone/VOIP lines, mobile/Blackberry access, internet and other such facilities.
ASKER
Could you clarify the following for desktops - and how they'd be assessed:
service monitoring,
server maintenance,
risk assessment,
external security,
external services