View
219
Download
0
Category
Preview:
Citation preview
7/28/2019 Sample Assessment - Gap Analysis
1/7
Company Name
IT Infrastructure Assessment
Version 1.0 (draft)
Prepared by:
Fahad AnsariBrisk Technovision
7/28/2019 Sample Assessment - Gap Analysis
2/7
Document Information
Internal Use Only 2
7/28/2019 Sample Assessment - Gap Analysis
3/7
Introduction
Purpose of this gap analysis report is to identify gaps in IT Infrastructure, processand service mechanism to help prepare action plan for corrective and preventivemeasures to optimize IT infrastructure.Based on gap Analysis report and Current IT Infrastructure Audit we summarizeFindings, suggestions and action required as followings.
A. Core Network Infrastructure
1. Physical / Topology.2. Internet.3. Mailing system
1. Physical / Topology.
Network Topology Diagram needs to be prepared with details including
equipment Location, Asset ID, Network Assets should tagged as per assetguidelines
Uplink Cables, backbone cables and critical users cables should be labeled
and documented. Switch is to be kept in dust free environment with adequate cooling.
Switches and other network devices should have Power Backup.
Type of IP addresses Static / Dynamic.
IP address assigning policy of users, ranges of IP. IP addresses of switches, routers, printers, servers, critical users, visitors
etc. Excluded IPs for future requirement.
Naming standardization of host and other network equipments.
2. Internet.
Which configuration has done for internet sharing?
Access details for users on internet.
Internal Use Only
Document Title Gap Analysis and suggestions
Prepared By Fahad Ansari
Version 1.0 Draft
Related DocumentsGap Analysis Report, Network Diagram
Approved ByName and Signature of Approval Authority
3
7/28/2019 Sample Assessment - Gap Analysis
4/7
Limitation of users over internet.
Firewall / content filtering process.
Authentication to use internet.
Backup for internet failure.
Redundancy for internet link. Bandwidth and type of internet.
Security & Access Control
B1. Security.
1. Antivirus.2. Internet and Firewall.3. USB / Remove able devices.4. User Passwords.
B2. Identity and Access Control.
1. Antivirus.
Which antivirus is running?
Antivirus is centralized or not?
Updating policy.
Are users able to disable antivirus?
Filtering policies running on Antivirus?
Is password requiring for Antivirus in the behavior of disabling,
modification, uninstall etc? Virus status on nodes and server.
2. Internet and firewall.
Internet usage policy for users.
Bandwidth or size allocation.
Any firewall is present for internet.
Firmware updation / license of firewall.
Type of firewall hardware / software.
Policies defined on firewall has documented or not?
Support details of Internet & Firewall.
Backup of Internet on failure.
3. USB / Remove able devices.
Internal Use Only 4
7/28/2019 Sample Assessment - Gap Analysis
5/7
Are USB enabled for users.
Is there any scanning happening during USB connection?
IEEE (Mobile) cables are protected or not.
4. User Passwords.
Policies for passwords are documented?
Is there any policy to change password periodically.
Users have different password or the same password?
Requirements for password creating.
B2. Access control and identity
1. ADS.2. Sharing and access.3. User management.
1. ADS.
Is active directory maintained for centralized the infrastructure
Access controls of users are documented?
Users have different password or the same password?
Backup domain is configure incase for parent domain failure.
2. Sharing and access.
Is the sharing centralized?
Are users permitted to manage local machine share access?
Is there any policy for sharing and access?
Permissions on server share.
3. User management.
Polices of users should be documented.
Are users having rights to installation / UN installation and modifications?
Critical users and VIP users rights should be documented.
Unknown users and left users should be deleting or disable.
C. Storage and Backup.
Where the users store their data? On local or on server?
Any quota management defines on storage?
Any quota management defines on local hard drive?
Is there any centralized backup maintaining?
What kind of backup happening full/ differential / append or else?
Internal Use Only 5
7/28/2019 Sample Assessment - Gap Analysis
6/7
Where the backup store
Number of backup media.
Is backup policy documented or not?
How roaming users take a backup?
How is restoration procedure? Have backup tested by restore?
Backup and restoration procedure should be defined with screen shots.
D. Workstation Management.
Standard configuration of workstation
Standard software and applications should be documented.
Users permissions on local machines.
Naming standard
All the standardization of workstation should be documented.
E. Software & Licensing details
Software and Drive CD media should be kept in safe location, copy of media
should be used for installation. Drives and software tools should be kept in central location or on respected
machines for easy access. List of license should be maintained and documented
F. Assets Management
Asset management policy including change management to be preparedand implemented.
Assets should be tagged with unique asset ID and updated monthly or
immediately when any changes are made. A process for Machine allotment to be reviewed and documented.
A standard desktop configuration policy for software and hardware should
be prepared.
G. Power Conditioning
Desktop machine having power backup?
UPS with non working batteries to be repaired to prevent again poweroutage and impurities.
Servers having power backup? What is the duration of backup?
Servers are configured to shutdown automatically due to low battery?
UPS should be covered under warranty and regular health checkup to be
done by Authorizes personal. All network equipments having power backup?
Internal Use Only 6
7/28/2019 Sample Assessment - Gap Analysis
7/7
Internal Use Only 7
Recommended