Site Security Assessment
A Security Assessment is a process whereby Minnesota OnLine identifies
security concerns within the Information Systems (IS) Communications
Infrastructure considering the security impact on your organization's
The overall goal of the security assessment is for Minnesota OnLine to act
as an independent and knowledgeable third party to objectively observe the
network security of your organization. These observations can study all
aspects of the company's security including:
- Documented policies and procedures
- Network topography
- Hardware, software and Network Operating Systems (NOS)
- Physical security of your organization's information and information
The Security Assessment component will identify potential security
vulnerabilities based upon the objectives of your company and what it is
that you are trying to secure. Many organizations today are utilizing a
Site Security Assessment service to proactively implement security controls
as they are making Web-enabled applications available over the Internet or
allowing access to internal systems via Virtual Private Networks (VPN).
Should your organization engage in a Site Security Assessment, Minnesota
OnLine will conduct the Assessment in the following manner:
- Review network diagrams, routers, firewall configurations and existing
- Conduct on-site interviews to gather information regarding the security of
your organization's communications infrastructure, undocumented policies,
and operational constraints.
- Provide an analysis and description of the security issues found during the
assessment, with recommendations on how your company can address the issues
and perform corrective action.
Minnesota OnLine can conduct a Site Security Assessment in a broad manner
to encompass all aspects of the IS Communications Infrastructure, or the
Scope of Work can concentrate on single units of IS Communications
Infrastructure. For example, Minnesota OnLine could conduct our Assessment
regarding security across the WAN, Internet connection and Internet
Appliances, or the Remote Access Server (RAS) environment.
A typical list of categories of observations will include, but not limited
- Firewall and/or external router
- Web, FTP, and Mail Servers
- Application and production servers (Novell, UNIX, NT, RACF, Other)
- Physical security of computers, servers and facilities
- Password protection and authentication
- Existing, missing, or outdated written policies
- Diagram of current and/or future network architecture
- System or server user privileges and file protections
- Shared networks (intranets and extranets)
Minnesota OnLine will then formulate our findings into a document (Security
Assessment Report) that will act as the deliverable. Following is a list
of the sections typically included in a Security Assessment Report.
- Observations and Recommendations: observations about your organization's
information security and recommendations regarding how to address the
observations.
- Conclusions, which point out the important security concerns regarding your
network and identify the most important recommendations one should take
to better secure the information and information systems.
- Appendices to include information that supports the findings of the
security assessment. Information included might be a walkthrough report of
the on-site assessment, output of tools to determine external visibility of
the internal network, and printouts of configurations.
Presentation of Issues:
This presentation will be conducted at your site of business and typically
includes personnel from IS, Operations, Security Group and Executive
Security concerns will be identified considering the security impact on
your operational environment. Detailed descriptions of each security
concern and recommendations on how to address it are reported, along
with a risk impact, cost of the problem(s) and possible solutions.
The report (Security Assessment Report) will be delivered as a bound hard
copy in addition to an electronic Word™ compatible format that will be
transferred to your organization in a secure fashion.
Contact Minnesota OnLine, firstname.lastname@example.org.
We can help your organization
understand the level of security that is in place, or isn't!