?
Solved

ops & security audit

Posted on 2011-09-16
4
Medium Priority
?
411 Views
Last Modified: 2012-05-12
We have some local primary schools and libraries who want (with little budget) some guidance on what a top level IT audit / operations audit should look at and include. They have very little budget and could probably get a partner specialist to spend a day / day and a half to allow someone to review there network from security and operations best practice. Can you provide say “10 areas” that would be priority in a small setup that should be reviewed, which would take priority so they know they are getting the right areas reviewed for what budget they have?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 2000 total points
ID: 36553379
From top of my head:

- security policy and others, e.g. acceptable use policies
- patch management
- backup and restore
- change management
- logging and monitoring
- configuration management (servers, workstations, switches/routers and firewalls)
- hardware and software inventory, license management
- incident management
- account management

1-1.5 work days is not a lot to cover those and do the reporting, but it should be possible to at least quickly go through all of the areas in an interview workshop and find any major issues.
0
 
LVL 3

Author Comment

by:pma111
ID: 36556530
Thanks for the input

would security policy include the technical AD security domain policy?

And how would they audit incident management at a technical level?

Thanks
0
 
LVL 19

Expert Comment

by:CoccoBill
ID: 36556549
By security policy I meant the policy documents that state the goals, responsibilities, roles, standards, guidance etc for security management within your organization. AD domain policy (password policies etc) would rather fall under account management I guess. None of the areas require a technical assessment and for some like incident management they're not really even possible. Reviewing of any existing documentation/guidance/processes and interview workshops should be the easiest way to go about this.
0
 
LVL 3

Author Comment

by:pma111
ID: 36556560
Ok many thanks for your assistance
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question