Information Request Form

The information request form (as shown in Table B.1) will provide you with information that helps define the size and scope of the assessment. If you can't gather all this information before the initial meeting, that's okay because after management has given the project the green light, you'll have the additional support to gather more information.

Table B.1. Information Request Form

Contact Name

Phone Number

Cell Phone

Email

Mail Stop

Administrative

For this section, please describe administrative aspects of your organizational environment.

What is the core mission of the organization?

How many locations does the organization have?

Does the assessment encompass all locations or just a limited number of sites?

What event is driving this assessment?

Does the organization have existing security policies and procedures?

Does the organizations have physical controls in place to control the movement of employees and visitors?

Do any vendors or corporate partners have access to the network?

Are any IT services outsourced, and if so, which ones?

Technical

For this section, please describe technical aspects of your organizational environment.

How many servers are located at each site?

What OSs are in place for these servers?

How many workstations are located at each site?

What OSs are in place for these workstations?

What networking protocols are used?

Are there any mainframes?

How many connections are there to the Internet?

What services are made available externally?

What services are made internally?

Is wireless technologies used?

Is VoIP used?

What types of redundant systems are in place?

Security

For this section, please describe the security aspects of your organizational environment.

What type of encryption technologies are used?

Is there a VPN?

Is authentication centralized?

What type of authentication systems are used?

How is access controlled?

What type of firewalls are used?

Is there an IDS/IPS in place?

Legal

For this section, please describe the legal aspects of your organizational environment.

What state, provincial, and federal laws must the organizations comply with?

HIPAA

GLB

SOX

Family Education Rights and Privacy Act

National Institute of Standards and Technologies


Introduction to Assessing Network Vulnerabilities

Foundations and Principles of Security

Why Risk Assessment

Risk-Assessment Methodologies

Scoping the Project

Understanding the Attacker

Performing the Assessment

Tools Used for Assessments and Evaluations

Preparing the Final Report

Post-Assessment Activities

Appendix A. Security Assessment Resources

Appendix B. Security Assessment Forms

Appendix C. Security Assessment Sample Report

Appendix D. Dealing with Consultants and Outside Vendors

Appendix E. SIRT Team Report Format Template



Inside Network Security Assessment. Guarding your IT Infrastructure
Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net