Minnesota OnLine: Business & Personal 
Internet Solutions Provider
Business Services Company Info
InfoSecurity Capabilities

Site Security Assessment

A Security Assessment is a process whereby Minnesota OnLine identifies security concerns within the Information Systems (IS) Communications Infrastructure considering the security impact on your organization's operating environment.

The overall goal of the security assessment is for Minnesota OnLine to act as an independent and knowledgeable third party to objectively observe the network security of your organization. These observations can study all aspects of the company's security including:

  • Documented policies and procedures

  • Network topography

  • Hardware, software and Network Operating Systems (NOS)

  • Physical security of your organization's information and information systems.

The Security Assessment component will identify potential security vulnerabilities based upon the objectives of your company and what it is that you are trying to secure. Many organizations today are utilizing a Site Security Assessment service to proactively implement security controls as they are making Web enabled applications available over the Internet or allowing access to internal systems via Virtual Private Networks (VPN).

Should your organization engage in a Site Security Assessment, Minnesota OnLine will conduct a the Assessment in the following manner:

  • Review network diagrams, routers, firewall configurations and existing policies.

  • Conduct on-site interviews to gather information regarding the security of your organization's communications infrastructure, undocumented policies, and operational constraints.

  • Provide an analysis and description of the security issues found during the assessment with recommendations how your company can address the issues and performs corrective action.

Minnesota OnLine can conduct a Site Security Assessment in a broad manner to encompass all aspects of the IS Communications Infrastructure, or the Scope of Work can concentrate on single units of IS Communications Infrastructure. For example, Minnesota OnLine could conduct our Assessment regarding security across the WAN, Internet connection and Internet Appliances, or the Remote Access Server (RAS) environment.

A typical list of categories of observations will include, but not limited to:
  • Internet Connection

  • Firewall and/or external router

  • Web, FTP, and Mail Servers

  • Application and production servers (Novell, UNIX, NT, RACF, Other)

  • Physical security of computers, servers and facilities

  • Password protection and authentication
  • Dial-in connections

  • Existing, missing, or outdated written policies

  • Diagram of current and/or future network architecture

  • System or server user privileges and file protections

  • Shared networks (intranets and extranets)

  • Minnesota OnLine will then formulate our findings into a document (Security Assessment Report) that will act as the deliverable. Following is a list of the sections typically included in a Security Assessment Report.

    • Observations and Recommendations your organization's information security and recommendations regarding how to address the observations.

    • Conclusions which points out the important security concerns regarding your network and identifies the most important recommendations one should take to better secure the information and information systems.

    • Appendices to include information that supports the findings of the security assessment. Information included might be a walkthrough report of the on-site assessment, output of tools to determine external visibility of the internal network, and printouts of configurations.

    Presentation of Issues:

    This presentation will be conducted at your site of business and typically includes personal from IS, Operations, Security Group and Executive Management.

    Security concerns will be identified considering the security impact on your operational environment. Detailed descriptions of the security concern and recommendations of how to address each concern is reported and with a risk impact, cost of the problem(s) and possible solutions.

    The report (Security Assessment Report) will be delivered as a bound hard copy in addition to electronic WordTM compatible format that will be transferred to organization in a secure fashion.

    Contact Minnesota OnLine, info@state.net. We can help your organization understand the level of security that is in place, or isn't!

    webmaster@state.net     Home
    © Copyright 1995-1998, Minnesota OnLine. All rights reserved.