Our IT & Cyber Security Audit provides you with a robust overview of your current IT environment from a practical and security perspective.
Take the first steps towards improving business efficiency and securing your network. Complete the form below and one of our team will be in touch.
The engineer will inspect the firewall/router configuration and identify the type of internet connectivity the business is using, including how external sites are connected. An internet speed test is also performed to determine the ISP and bandwidth of the connection.
The engineer will physically inspect all servers and document their OS version, AV, role/function, make, model and serial number. A warranty check is then performed to confirm whether the server has a manufacturer’s warranty.
The make, model and configuration of all network switches are documented, where possible, to determine the topology and functionality of the internal network.
The engineer will determine how users remotely connect to the network and how access is managed.
Analysis of the wireless network configuration, connectivity and security is performed.
The hypervisor make, model and basic configuration will be documented and all virtual servers inspected for OS version, AV, roles/functionality, applications and configuration.
The engineer will inspect all servers and document all server-based applications and their version numbers. The engineer will also document and discuss all business applications used by members of staff with the site contact and key people in the various departments.
All SAN, NAS and removable storage is inspected, and the make, model, version and serial numbers are documented. Manufacturer warranties are then checked.
The current email system (usually MS Exchange or Office 365) is inspected, and version and build numbers are documented for any on-premise email systems. DNS settings are reviewed (SPF, DMARC, DKIM).
All UPS units are inspected for load and runtime.
The engineer will review how servers and data are backed up by the backup solution(s), including backup media, storage locations and security.
Website hosting is reviewed and all available DNS configurations are documented for analysis by the engineer.
Make, model, OS version and AV are documented for all PCs, laptops, tablets and mobile devices, where possible, for analysis by the engineer.
A general overview of the entire network is gathered by investigating how devices are connected physically or wirelessly, and how geographical locations communicate (e.g. MPLS, VPN).
Application whitelisting for endpoints and mobiles (where applicable) is checked. COPE (company-owned personally enabled) and COBO (company-owned business only) devices are tested for restrictions. Anti-virus solutions are investigated for updates, scan schedules, and effectiveness.
The engineer will use different methods to determine operating system and firmware versions of network-connected devices, internal device update schedules, and update management, including for mobile devices.
Email protection is checked for availability and effectiveness by sending test files. Rules are inspected.
Internal password policies will be inspected and compared to actual users to identify user compliance. Systems for the management of passwords are checked.
Web content filtering is checked for availability and effectiveness by visiting test websites.
Active Directory users and groups are checked for anomalies and security best practices. Group Policies relating to password policy and workstation security are tested.
The distribution and contents of policies are inspected for GDPR compliance as recommended by the ICO.
File storage processes and solutions are checked for efficiency and security. Backup and redundancy processes are investigated.
Doors, windows, CCTV, access control, etc. are checked for obvious weaknesses and best practices.