fbpx Skip to main content

IT Assessments: What are they? Which type do you need?

By February 12, 2018September 29th, 2020Consulting
Technical assessments for your network health and security

Sometimes it feels like the technology world is driven by assessments. Or at least from our perspective here at OXEN Technology!

A technical assessment can be the foundation of a successful IT consultation. It provides the baseline information you need to plan the improvement, modification, or migration of your IT infrastructure. In fact, you are likely to discover security risks you never thought would happen or configuration errors you were unaware of!

Today we want to explain some types of assessments that we are familiar with and use. We hope this will be helpful if you’re evaluating what types of assessments are out there and which ones might be best for your situation and your questions. Keep in mind that the terms we use here aren’t necessarily standardized for assessments, so knowing what an assessment includes, rather than what it’s called, is probably most important.

Network vs. Security Assessment

A network assessment is generally an analysis of your network infrastructure and configuration. This assessment will be focused on things like network assets, storage and disk space, aging workstations, inactive computers or user accounts, unsupported operating systems, internet access and speed, event logs, and so on.

A security assessment of your network does analyze some of the same areas as a network assessment, but it is focused on protocols, permissions, and policies. Are there outbound protocols that shouldn’t be allowed? What are the domain security and local security policies? How strong and consistent are password policies?

These two types of assessments go well together, and they will bring up equally important vulnerabilities.

High-Level vs. In Depth

Another way to look at assessments is to ask, “How much of the network can the scanning tool access?” An initial assessment may be more of a high-level analysis. A more detailed and intensive assessment can build on top of this initial one, and may actually require a device to be physically brought into the network to help perform the scan.

For example, at OXEN our Network Risk & Security Assessment is a high-level assessment that requires software to be run in the network environment (which can be done remotely). This tool quickly scans the network and does a basic discovery of network devices, configurations, and policies. This generates a lot of useful information, but it’s just scratching the surface!

We have another more advanced option called our Security Vulnerability Assessment, which requires a device to be physically brought into the network. It runs for days, rather than minutes. It can get a very detailed analysis of the network over this longer period. This assessment is able to provide more information about internal vulnerabilities, at an incredibly granular level with explanations and recommendations for each vulnerability found.

Policies & People vs. Technical

Keep in mind that there’s more to assessing your network and security measures than just looking at hardware, software, and configurations. If you’re trying to assess the risk of a data breach or Personally Identifiable Information (PII) leaking, you have to think about the human aspect too. Human behavior and business policies that guide employees’ behavior are crucial.

With that in mind, there are assessments aimed specifically at assessing the safety of your data from a people, policies, procedures, and safeguards stance. This type of employee policy-focused assessment will cross over into the technical realm in some areas (e.g., password policies and other technical safeguards for data). But it will also look at whether you have policies for training employees, tracking movements of portable devices (to detect theft), physical security (like restricting areas of the building to visitors), and so on.

Technical assessments are not likely to cover information from an employee handbook or business policies on safeguarding data, disposing of hardware, or acceptable use of the network. But this information is very valuable! We recommend pairing a technical assessment with an employee policy-focused one to get a more comprehensive look at your security risk level.

What do they all have in common?

Clear, concrete recommendations are the common feature of any good assessment.

Whether the final report you get is high-level or in-depth, network or protocol-based, a good one will give you a clear ranking of your highest risks to your lowest risks and what you should do address the problems.

If you request an IT assessment, we encourage you to take full advantage of these reports and recommendations and any work plans also generated. They immediately become the foundation of a technology strategy.

 

If you’re interested in learning which type of technical assessment would help benefit your organization, we would love to consult with you – just drop us a note at hello@oxen.tech or call us at 888-296-3619.


Recent Posts / View All Posts

Compliance

IT Compliance and Why It Is Important for Your Business

| Business Productivity, Managed Services, Security | No Comments
In running a business, there are a lot of important matters that need to be taken care of. Even if they are not really in line with the core competencies of the business. One such matter is IT compliance. In the last few weeks, we have been talking about compliance and how it is important to your business. What Is IT Compliance? One of our recent blogs gives a brief but enlightening overview of what IT compliance is all about. In a nutshell, it is the process of complying with the rules, regulations and requirements set by a third party, which aim…
Achieving Compliance

Achieving Compliance as a Team

| Business Productivity, Security | No Comments
Before your company can fully comply with all the requirements set by third parties like regulatory bodies and clients, there are dozens upon dozens of tasks that need to be completed. These tasks are spread across different areas of the company and are impossible for just one individual to accomplish. The process of achieving compliance would require a fast and thorough team of compliance specialists. Vital Matters to Discuss when achieving compliance In most cases achieving compliance failures can be attributed to a lack of planning and communication. To avoid these problems, bring your compliance team together right from the…
IT Security

What Is IT Security and IT Compliance?

| Business Productivity, Security, Tech Tip | No Comments
IT security and IT compliance are two essential matters for any business or organization. Many people think they are the same, while others frequently confuse one for the other. They are not the same thing, but when implemented together, they can provide maximum digital safety and minimize the risk of data breaches and other online threats. In this article, we’ll explain which is which and why both require your attention. What Is IT Security? As the term implies, IT security refers to ensuring the security of a company’s or organization’s IT infrastructure. When creating a security strategy for your business,…