Systems and Architecture Review

So, you’re feeling pretty confident that you’ve got your environment locked down. Are you certain your infrastructure, servers, and devices deployed throughout your organization are protecting the confidentiality, integrity, and availability of your sensitive information assets?
Having your security partner periodically review your infrastructure is a good way to determine whether your environment is properly designed to protect against internal and external threats.
Some areas that could be covered in the review:
- Evaluation of how the processes and control architectures are implemented
- Hardening procedures and standards
- Patch Management
- File system access control
- User access control
- Hands-on review of the configuration of key hosts and network devices
- Directory and messaging architecture review
- LAN architecture review
- Wireless architecture review
- WAN and Remote Access architecture review
A review usually combines detailed planning and coordination of interviews and whiteboard sessions with your team. An interactive review of network designs, systems architecture, access control, data protection, event monitoring, availability, and operations then takes place, followed by a manual hands-on review of key components (firewalls, servers, etc.). The findings are then documented and presented interactively to your team.
It’s a good way to ensure your network and systems have been aligned to use security controls efficiently. And, it’s usually a good learning experience for your network team members. They may pick up some good kernels of wisdom from the Information Security Engineer/Partner!
Nancy Sykora
Sr. Account Executive