fbpx Skip to main content

IT Assessments: What are they? Which type do you need?

By February 12, 2018September 29th, 2020Consulting
Technical assessments for your network health and security

Sometimes it feels like the technology world is driven by assessments. Or at least from our perspective here at OXEN Technology!

A technical assessment can be the foundation of a successful IT consultation. It provides the baseline information you need to plan the improvement, modification, or migration of your IT infrastructure. In fact, you are likely to discover security risks you never thought would happen or configuration errors you were unaware of!

Today we want to explain some types of assessments that we are familiar with and use. We hope this will be helpful if you’re evaluating what types of assessments are out there and which ones might be best for your situation and your questions. Keep in mind that the terms we use here aren’t necessarily standardized for assessments, so knowing what an assessment includes, rather than what it’s called, is probably most important.

Network vs. Security Assessment

A network assessment is generally an analysis of your network infrastructure and configuration. This assessment will be focused on things like network assets, storage and disk space, aging workstations, inactive computers or user accounts, unsupported operating systems, internet access and speed, event logs, and so on.

A security assessment of your network does analyze some of the same areas as a network assessment, but it is focused on protocols, permissions, and policies. Are there outbound protocols that shouldn’t be allowed? What are the domain security and local security policies? How strong and consistent are password policies?

These two types of assessments go well together, and they will bring up equally important vulnerabilities.

High-Level vs. In Depth

Another way to look at assessments is to ask, “How much of the network can the scanning tool access?” An initial assessment may be more of a high-level analysis. A more detailed and intensive assessment can build on top of this initial one, and may actually require a device to be physically brought into the network to help perform the scan.

For example, at OXEN our Network Risk & Security Assessment is a high-level assessment that requires software to be run in the network environment (which can be done remotely). This tool quickly scans the network and does a basic discovery of network devices, configurations, and policies. This generates a lot of useful information, but it’s just scratching the surface!

We have another more advanced option called our Security Vulnerability Assessment, which requires a device to be physically brought into the network. It runs for days, rather than minutes. It can get a very detailed analysis of the network over this longer period. This assessment is able to provide more information about internal vulnerabilities, at an incredibly granular level with explanations and recommendations for each vulnerability found.

Policies & People vs. Technical

Keep in mind that there’s more to assessing your network and security measures than just looking at hardware, software, and configurations. If you’re trying to assess the risk of a data breach or Personally Identifiable Information (PII) leaking, you have to think about the human aspect too. Human behavior and business policies that guide employees’ behavior are crucial.

With that in mind, there are assessments aimed specifically at assessing the safety of your data from a people, policies, procedures, and safeguards stance. This type of employee policy-focused assessment will cross over into the technical realm in some areas (e.g., password policies and other technical safeguards for data). But it will also look at whether you have policies for training employees, tracking movements of portable devices (to detect theft), physical security (like restricting areas of the building to visitors), and so on.

Technical assessments are not likely to cover information from an employee handbook or business policies on safeguarding data, disposing of hardware, or acceptable use of the network. But this information is very valuable! We recommend pairing a technical assessment with an employee policy-focused one to get a more comprehensive look at your security risk level.

What do they all have in common?

Clear, concrete recommendations are the common feature of any good assessment.

Whether the final report you get is high-level or in-depth, network or protocol-based, a good one will give you a clear ranking of your highest risks to your lowest risks and what you should do address the problems.

If you request an IT assessment, we encourage you to take full advantage of these reports and recommendations and any work plans also generated. They immediately become the foundation of a technology strategy.

 

If you’re interested in learning which type of technical assessment would help benefit your organization, we would love to consult with you – just drop us a note at hello@oxen.tech or call us at 888-296-3619.


Recent Posts / View All Posts

5 Reasons Why Companies Fire IT Guys

| Business Productivity, Managed Services, Tech Tip, Testimonials | No Comments
The IT industry is brimming with so many IT guys and experts with various specialties these days. You would think it's an easy task hiring one for your company. Finding an IT guy is not the problem. Finding a competent, reliable, and affordable IT professional can be challenging for many businesses. When you think you have found the right person, issues start to come up, and you have no choice but to fire them and start the search again. There are several possible reasons why companies end up firing their IT guys. Here are the Top Five issues most commonly…

Your IT Guy vs. a Managed Service Provider

| Business Productivity, Managed Services | No Comments
There is no question that reliable IT support is a necessity for all of us, including small businesses. The reason is that most transactions and business functions are completed online. Business owners need to decide on the type of IT support they need. Whether that be an internal IT department or a Managed Service Provider. Let’s take a look at some typical IT scenarios. Internal IT Support This protection means keeping an in-house IT person on your regular payroll. It’s straightforward, but this is a practice that is not frequently considered unless your business uses a lot of technology. For…

The Top 5 Red Flags in the IT Industry

| Managed Services | No Comments
All businesses today rely heavily on IT support. Some have their own in-house IT experts, while many others choose to hire managed service providers, or MSPs, to perform specific IT functions for their company. These services are needed to oversee the office hardware and software and stay ahead of the competition. Like all industries, the IT industry has a few red flags that need to be addressed. With all the available services, you wouldn’t think that it would be that difficult to find reliable IT support for your business. We live in an almost entirely digital world, so tech services…