IT Assessments: What are they? Which type do you need?

By February 12, 2018 March 20th, 2018 Consulting
Technical assessments for your network health and security

Sometimes it feels like the technology world is driven by assessments. Or at least from our perspective here at OXEN Technology!

A technical assessment can be the foundation of a successful IT consultation. It provides the baseline information you need to plan the improvement, modification, or migration of your IT infrastructure. In fact, you are likely to discover security risks you never thought would happen or configuration errors you were unaware of!

Today we want to explain some types of assessments that we are familiar with and use. We hope this will be helpful if you’re evaluating what types of assessments are out there and which ones might be best for your situation and your questions. Keep in mind that the terms we use here aren’t necessarily standardized for assessments, so knowing what an assessment includes, rather than what it’s called, is probably most important.

Network vs. Security Assessment

A network assessment is generally an analysis of your network infrastructure and configuration. This assessment will be focused on things like network assets, storage and disk space, aging workstations, inactive computers or user accounts, unsupported operating systems, internet access and speed, event logs, and so on.

A security assessment of your network does analyze some of the same areas as a network assessment, but it is focused on protocols, permissions, and policies. Are there outbound protocols that shouldn’t be allowed? What are the domain security and local security policies? How strong and consistent are password policies?

These two types of assessments go well together, and they will bring up equally important vulnerabilities. At OXEN, we run both together in our free Network Risk & Security Assessment.

High-Level vs. In Depth

Another way to look at assessments is to ask, “How much of the network can the scanning tool access?” An initial assessment may be more of a high-level analysis. A more detailed and intensive assessment can build on top of this initial one, and may actually require a device to be physically brought into the network to help perform the scan.

For example, at OXEN our Network Risk & Security Assessment is a high-level assessment that requires software to be run in the network environment (which can be done remotely). This tool quickly scans the network and does a basic discovery of network devices, configurations, and policies. This generates a lot of useful information, but it’s just scratching the surface!

We have another more advanced option called our Security Vulnerability Assessment, which requires a device to be physically brought into the network. It runs for days, rather than minutes. It can get a very detailed analysis of the network over this longer period. This assessment is able to provide more information about internal vulnerabilities, at an incredibly granular level with explanations and recommendations for each vulnerability found.

Policies & People vs. Technical

Keep in mind that there’s more to assessing your network and security measures than just looking at hardware, software, and configurations. If you’re trying to assess the risk of a data breach or Personally Identifiable Information (PII) leaking, you have to think about the human aspect too. Human behavior and business policies that guide employees’ behavior are crucial.

With that in mind, there are assessments aimed specifically at assessing the safety of your data from a people, policies, procedures, and safeguards stance. This type of employee policy-focused assessment will cross over into the technical realm in some areas (e.g., password policies and other technical safeguards for data). But it will also look at whether you have policies for training employees, tracking movements of portable devices (to detect theft), physical security (like restricting areas of the building to visitors), and so on.

Technical assessments are not likely to cover information from an employee handbook or business policies on safeguarding data, disposing of hardware, or acceptable use of the network. But this information is very valuable! We recommend pairing a technical assessment with an employee policy-focused one to get a more comprehensive look at your security risk level.

What do they all have in common?

Clear, concrete recommendations are the common feature of any good assessment.

Whether the final report you get is high-level or in-depth, network or protocol-based, a good one will give you a clear ranking of your highest risks to your lowest risks and what you should do address the problems.

If you request an IT assessment, we encourage you to take full advantage of these reports and recommendations and any work plans also generated. They immediately become the foundation of a technology strategy.

 

If you’re interested in learning which type of technical assessment would help benefit your organization, we would love to consult with you – just drop us a note at hello@oxen.tech or call us at 888-296-3619. You can always request our free Network Risk & Security Assessment to get started!


Recent Posts / View All Posts

IT Leadership | Shared CIO

You Need IT Leadership

| Consulting, Leadership | No Comments
Missouri is just beginning to emerge from its stay-at-home order in response to the pandemic threat. Who ever imagined that pandemic planning policies would become a reality? What was once regarded as a threat with low probability of occurrence will likely become a much higher probability as we navigate through the coming years. The realization of this threat has certainly changed the way we view ourselves and the world around us. It has sensitized us to our newfound vulnerability. This month, I am writing to you from the Joplin, MO office of OXEN Technology. Considering our present circumstances, our physical…
Tech Tip Background

Office 365 Tip: Create a file request in OneDrive

| Office 365, Tech Tip | No Comments
If you need to obtain files from various people, you can use OneDrive to create a file request that allows others to upload documents directly to a folder you specify. This gives people a quick way to transfer files to you without giving them view or edit permissions to your OneDrive folder. Here’s how! Note: This feature is not available in Office 365 Government. For file requests to work, your Office 365 administrator must enable Anyone links in OneDrive. Requesting Files Using OneDrive Online, select the folder where you want others to upload their files. Click Request files on the…
Virtual Private Network

What is a VPN and do you need one to work from home?

| Security | No Comments
Since businesses started shifting to remote work due to COVID-19, OXEN has seen a sizeable uptick in requests for purchasing and implementing VPNs for at-home workers. You’ve probably seen that a Virtual Private Network (VPN) connection is often recommended for securely working from home while accessing company resources. So what’s a VPN for in this context, and do you need one? If you’re a business manager, do you need a VPN connection for every employee who’s now working from home? Read on for our tips. What Is a Virtual Private Network? VPN stands for “Virtual Private Network”. It creates a…