fbpx Skip to main content

IT Assessments: What are they? Which type do you need?

By February 12, 2018September 29th, 2020Consulting
Technical assessments for your network health and security

Sometimes it feels like the technology world is driven by assessments. Or at least from our perspective here at OXEN Technology!

A technical assessment can be the foundation of a successful IT consultation. It provides the baseline information you need to plan the improvement, modification, or migration of your IT infrastructure. In fact, you are likely to discover security risks you never thought would happen or configuration errors you were unaware of!

Today we want to explain some types of assessments that we are familiar with and use. We hope this will be helpful if you’re evaluating what types of assessments are out there and which ones might be best for your situation and your questions. Keep in mind that the terms we use here aren’t necessarily standardized for assessments, so knowing what an assessment includes, rather than what it’s called, is probably most important.

Network vs. Security Assessment

A network assessment is generally an analysis of your network infrastructure and configuration. This assessment will be focused on things like network assets, storage and disk space, aging workstations, inactive computers or user accounts, unsupported operating systems, internet access and speed, event logs, and so on.

A security assessment of your network does analyze some of the same areas as a network assessment, but it is focused on protocols, permissions, and policies. Are there outbound protocols that shouldn’t be allowed? What are the domain security and local security policies? How strong and consistent are password policies?

These two types of assessments go well together, and they will bring up equally important vulnerabilities.

High-Level vs. In Depth

Another way to look at assessments is to ask, “How much of the network can the scanning tool access?” An initial assessment may be more of a high-level analysis. A more detailed and intensive assessment can build on top of this initial one, and may actually require a device to be physically brought into the network to help perform the scan.

For example, at OXEN our Network Risk & Security Assessment is a high-level assessment that requires software to be run in the network environment (which can be done remotely). This tool quickly scans the network and does a basic discovery of network devices, configurations, and policies. This generates a lot of useful information, but it’s just scratching the surface!

We have another more advanced option called our Security Vulnerability Assessment, which requires a device to be physically brought into the network. It runs for days, rather than minutes. It can get a very detailed analysis of the network over this longer period. This assessment is able to provide more information about internal vulnerabilities, at an incredibly granular level with explanations and recommendations for each vulnerability found.

Policies & People vs. Technical

Keep in mind that there’s more to assessing your network and security measures than just looking at hardware, software, and configurations. If you’re trying to assess the risk of a data breach or Personally Identifiable Information (PII) leaking, you have to think about the human aspect too. Human behavior and business policies that guide employees’ behavior are crucial.

With that in mind, there are assessments aimed specifically at assessing the safety of your data from a people, policies, procedures, and safeguards stance. This type of employee policy-focused assessment will cross over into the technical realm in some areas (e.g., password policies and other technical safeguards for data). But it will also look at whether you have policies for training employees, tracking movements of portable devices (to detect theft), physical security (like restricting areas of the building to visitors), and so on.

Technical assessments are not likely to cover information from an employee handbook or business policies on safeguarding data, disposing of hardware, or acceptable use of the network. But this information is very valuable! We recommend pairing a technical assessment with an employee policy-focused one to get a more comprehensive look at your security risk level.

What do they all have in common?

Clear, concrete recommendations are the common feature of any good assessment.

Whether the final report you get is high-level or in-depth, network or protocol-based, a good one will give you a clear ranking of your highest risks to your lowest risks and what you should do address the problems.

If you request an IT assessment, we encourage you to take full advantage of these reports and recommendations and any work plans also generated. They immediately become the foundation of a technology strategy.

 

If you’re interested in learning which type of technical assessment would help benefit your organization, we would love to consult with you – just drop us a note at hello@oxen.tech or call us at 888-296-3619.


Recent Posts / View All Posts

Managing Passwords

Why Are Managing Passwords So Hard?

| Business Productivity, Security | No Comments
We do most of our business online—emailing, shopping, banking, and much more. But before you take any action, you must log in with a name and password. It’s pretty routine, but with the rapidly growing number of online services that require passwords, it can get increasingly difficult when we are managing these passwords. Managing Passwords Can Be Difficult We all know that passwords are necessary to ensure that only you will access your accounts. But managing passwords can become somewhat hard, especially when you already have so many that you need to remember, and we can all relate to this,…
Best Password Management

Best Password Management for Businesses

| Security | No Comments
The best password management is important for businesses. If your passwords are weak or not stored in a safe location, hackers can easily penetrate your system, causing a myriad of damage to the company, your clients, your customers, and who knows what else. You don’t want that to happen! Fortunately, there are now a lot of reliable password management solutions that are ideal for business use. Some are browser-based, while others are applications you can download onto your computer or smartphone. But if you want the best password management solutions, go with those based in the cloud. Advantages of Cloud-Based…
Password Management

Why Businesses Need Password Management

| Business Productivity, Security | No Comments
As digital technology becomes more advanced, so do the risks of online security breaches. Cyberattacks continue to be a problem, so businesses need to implement reliable security measures now more than ever. There are many security solutions available. One of the simplest yet most effective is a first-rate password management solution. What Is Password Management? Password management is a general term that refers to the steps a business uses to keep passwords secure. It includes everything about passwords, from knowing how to pick a good one all the way to using advanced software to store and regularly update all the…