Sample Assessment - Gap Analysis

7/28/2019 Sample Assessment - Gap Analysis

1/7

Company Name

IT Infrastructure Assessment

Version 1.0 (draft)

Prepared by:

Fahad AnsariBrisk Technovision


2/7

Document Information

Internal Use Only 2


3/7

Introduction

Purpose of this gap analysis report is to identify gaps in IT Infrastructure, processand service mechanism to help prepare action plan for corrective and preventivemeasures to optimize IT infrastructure.Based on gap Analysis report and Current IT Infrastructure Audit we summarizeFindings, suggestions and action required as followings.

A. Core Network Infrastructure

1. Physical / Topology.2. Internet.3. Mailing system

1. Physical / Topology.

Network Topology Diagram needs to be prepared with details including

equipment Location, Asset ID, Network Assets should tagged as per assetguidelines

Uplink Cables, backbone cables and critical users cables should be labeled

and documented. Switch is to be kept in dust free environment with adequate cooling.

Switches and other network devices should have Power Backup.

Type of IP addresses Static / Dynamic.

IP address assigning policy of users, ranges of IP. IP addresses of switches, routers, printers, servers, critical users, visitors

etc. Excluded IPs for future requirement.

Naming standardization of host and other network equipments.

2. Internet.

Which configuration has done for internet sharing?

Access details for users on internet.

Internal Use Only

Document Title Gap Analysis and suggestions

Prepared By Fahad Ansari

Version 1.0 Draft

Related DocumentsGap Analysis Report, Network Diagram

Approved ByName and Signature of Approval Authority

3


4/7

Limitation of users over internet.

Firewall / content filtering process.

Authentication to use internet.

Backup for internet failure.

Redundancy for internet link. Bandwidth and type of internet.

Security & Access Control

B1. Security.

1. Antivirus.2. Internet and Firewall.3. USB / Remove able devices.4. User Passwords.

B2. Identity and Access Control.

1. Antivirus.

Which antivirus is running?

Antivirus is centralized or not?

Updating policy.

Are users able to disable antivirus?

Filtering policies running on Antivirus?

Is password requiring for Antivirus in the behavior of disabling,

modification, uninstall etc? Virus status on nodes and server.

2. Internet and firewall.

Internet usage policy for users.

Bandwidth or size allocation.

Any firewall is present for internet.

Firmware updation / license of firewall.

Type of firewall hardware / software.

Policies defined on firewall has documented or not?

Support details of Internet & Firewall.

Backup of Internet on failure.

3. USB / Remove able devices.

Internal Use Only 4


5/7

Are USB enabled for users.

Is there any scanning happening during USB connection?

IEEE (Mobile) cables are protected or not.

4. User Passwords.

Policies for passwords are documented?

Is there any policy to change password periodically.

Users have different password or the same password?

Requirements for password creating.

B2. Access control and identity

1. ADS.2. Sharing and access.3. User management.

1. ADS.

Is active directory maintained for centralized the infrastructure

Access controls of users are documented?

Users have different password or the same password?

Backup domain is configure incase for parent domain failure.

2. Sharing and access.

Is the sharing centralized?

Are users permitted to manage local machine share access?

Is there any policy for sharing and access?

Permissions on server share.

3. User management.

Polices of users should be documented.

Are users having rights to installation / UN installation and modifications?

Critical users and VIP users rights should be documented.

Unknown users and left users should be deleting or disable.

C. Storage and Backup.

Where the users store their data? On local or on server?

Any quota management defines on storage?

Any quota management defines on local hard drive?

Is there any centralized backup maintaining?

What kind of backup happening full/ differential / append or else?

Internal Use Only 5


6/7

Where the backup store

Number of backup media.

Is backup policy documented or not?

How roaming users take a backup?

How is restoration procedure? Have backup tested by restore?

Backup and restoration procedure should be defined with screen shots.

D. Workstation Management.

Standard configuration of workstation

Standard software and applications should be documented.

Users permissions on local machines.

Naming standard

All the standardization of workstation should be documented.

E. Software & Licensing details

Software and Drive CD media should be kept in safe location, copy of media

should be used for installation. Drives and software tools should be kept in central location or on respected

machines for easy access. List of license should be maintained and documented

F. Assets Management

Asset management policy including change management to be preparedand implemented.

Assets should be tagged with unique asset ID and updated monthly or

immediately when any changes are made. A process for Machine allotment to be reviewed and documented.

A standard desktop configuration policy for software and hardware should

be prepared.

G. Power Conditioning

Desktop machine having power backup?

UPS with non working batteries to be repaired to prevent again poweroutage and impurities.

Servers having power backup? What is the duration of backup?

Servers are configured to shutdown automatically due to low battery?

UPS should be covered under warranty and regular health checkup to be

done by Authorizes personal. All network equipments having power backup?

Internal Use Only 6


7/7

Internal Use Only 7