There’s an old expression: you don’t know what you don’t know. When it comes to your organization’s Information Technology Systems, do you truly know what condition they’re in? Assuming your background isn’t in IT, you most likely rely on an IT individual or IT support company.
But how do you really know? Here is a link to an article, Auditing Your IT Support, written by our President, Brian Shrift. His article will help generate discussions you can have with your IT support, to ensure they’re providing the services you need.
IT Management Report (IT Assessment)
Precision Business Solutions has been developing our IT Management Report for a decade now, starting when the company was still named Shrift Small Business Network Consulting (2006). Then, as now, we knew IT systems needed to be audited, maintained, secured and managed.
Precision Business Solutions’ current IT Management Report combines a number of different security frameworks. There are numerous security frameworks available, many built around an industry (e.g. healthcare) or a type of data (e.g. credit card). We’ve selected the most relevant and cost-effective security controls from these frameworks, those that make sense for assessing our clients (small and medium businesses).
Our IT Management Report follows the basic IT security framework of ensuring the Confidentiality, Integrity, and Availability of IT systems. In other words, ensuring your data is kept secure, is not improperly altered or deleted, and is always available.
Here are just some of the areas we review and assess:
- Identification of Relevant Information Systems & Devices – The identification and documentation of information systems is a crucial step; it provides an inventory of all systems, both critical and non-critical.
- Account Security – Various user account security policies are reviewed, such as user account naming policies, inactive user account policies, password policies, account lockout policies, etc.
- Virus/Spyware Protection – The mechanisms in place to protect systems against viruses and spyware are reviewed, such as whether multiple forms of virus/spyware/malware protection are used, and whether they use different engines to detect threats (e.g. signature and heuristic based). Additionally, many firewalls are now considered Network Security Appliances, which provide not only firewall protection but also security services such as anti-virus/spyware scanning, intrusion detection and prevention, Geo-IP and Botnet filters, SSL security, etc.
- Patch Management – Patch management is important to ensure systems are kept up to date with the current Microsoft Windows security patches.
- Security Awareness & Training Program – Security awareness and training is the process of educating employees on computer security and proper computing practices. Security awareness and training is mandated for some industries (e.g. healthcare, financial, etc.).
- Systems Monitoring – Review of the systems in place to audit, monitor, detect and prevent system incidents from occurring.
- Backup & Disaster Recovery Plan – Do you have a documented backup and disaster recovery plan, and if so, when was the last time it was tested? No backup plan is complete unless it has been tested.
- Corporate Policies – Review of employee policies, such as an acceptable use policy, social media policy, bring your own device policy, etc.
As you can see from this brief, non-exhaustive list, our IT Management Report is quite extensive (and the list hasn’t even touched on encryption or vulnerability scanning).
We consider our IT Management Report our most valuable service.
If your organization would like Precision Business Solutions to complete an IT Management Report, please contact us to further discuss your needs.