Sample Assessment - Gap Analysis

  • 7/28/2019 Sample Assessment - Gap Analysis

    Company Name

    IT Infrastructure Assessment

    Version 1.0 (draft)

    Prepared by:

    Fahad Ansari

    Brisk Technovision

    Document Information

    Internal Use Only 2

    Introduction

    The purpose of this gap analysis report is to identify gaps in IT infrastructure, process and service mechanism to help prepare an action plan for corrective and preventive measures to optimize IT infrastructure.

    Based on the gap analysis report and the current IT infrastructure audit, we summarize findings, suggestions and actions required as follows.

    A. Core Network Infrastructure

    1. Physical / Topology.

    2. Internet.

    3. Mailing system

    1. Physical / Topology.

    Network topology diagram needs to be prepared with details including equipment location and asset ID.

    Network assets should be tagged as per asset guidelines.

    Uplink cables, backbone cables and critical users' cables should be labeled and documented.

    Switch is to be kept in a dust-free environment with adequate cooling.

    Switches and other network devices should have power backup.

    Type of IP addresses: static / dynamic.

    IP address assigning policy of users, ranges of IP.

    IP addresses of switches, routers, printers, servers, critical users, visitors etc.

    Excluded IPs for future requirement.

    Naming standardization of hosts and other network equipment.

    2. Internet.

    Which configuration has been done for internet sharing?

    Access details for users on internet.

    Document Title: Gap Analysis and suggestions

    Prepared By: Fahad Ansari

    Version: 1.0 Draft

    Related Documents: Gap Analysis Report, Network Diagram

    Approved By: Name and Signature of Approval Authority

    Limitation of users over internet.

    Firewall / content filtering process.

    Authentication to use internet.

    Backup for internet failure.

    Redundancy for internet link.

    Bandwidth and type of internet.

    B. Security & Access Control

    B1. Security.

    1. Antivirus.

    2. Internet and Firewall.

    3. USB / Removable devices.

    4. User Passwords.

    B2. Identity and Access Control.

    1. Antivirus.

    Which antivirus is running?

    Antivirus is centralized or not?

    Updating policy.

    Are users able to disable antivirus?

    Filtering policies running on Antivirus?

    Is a password required for antivirus actions such as disabling, modification, uninstall etc.?

    Virus status on nodes and server.

    2. Internet and firewall.

    Internet usage policy for users.

    Bandwidth or size allocation.

    Is any firewall present for internet?

    Firmware update / license of firewall.

    Type of firewall: hardware / software.

    Are the policies defined on the firewall documented or not?

    Support details of Internet & Firewall.

    Backup of Internet on failure.

    3. USB / Removable devices.

    Is USB enabled for users?

    Is there any scanning happening during USB connection?

    Are IEEE (Mobile) cables protected or not?

    4. User Passwords.

    Are password policies documented?

    Is there any policy to change passwords periodically?

    Do users have different passwords or the same password?

    Requirements for password creation.

    B2. Access control and identity

    1. ADS.

    2. Sharing and access.

    3. User management.

    1. ADS.

    Is Active Directory maintained to centralize the infrastructure?

    Are access controls of users documented?

    Do users have different passwords or the same password?

    Is a backup domain configured in case of parent domain failure?

    2. Sharing and access.

    Is the sharing centralized?

    Are users permitted to manage local machine share access?

    Is there any policy for sharing and access?

    Permissions on server share.

    3. User management.

    Policies of users should be documented.

    Do users have rights to installation / uninstallation and modifications?

    Critical users' and VIP users' rights should be documented.

    Unknown users and users who have left should be deleted or disabled.

    C. Storage and Backup.

    Where do users store their data? Locally or on the server?

    Is any quota management defined on storage?

    Is any quota management defined on local hard drives?

    Is any centralized backup maintained?

    What kind of backup is taken: full / differential / append or other?

    Where is the backup stored?

    Number of backup media.

    Is backup policy documented or not?

    How do roaming users take a backup?

    What is the restoration procedure? Have backups been tested by restore?

    Backup and restoration procedure should be defined with screenshots.

    D. Workstation Management.

    Standard configuration of workstation

    Standard software and applications should be documented.

    User permissions on local machines.

    Naming standard

    All the standardization of workstation should be documented.

    E. Software & Licensing details

    Software and driver CD media should be kept in a safe location; a copy of the media should be used for installation.

    Drivers and software tools should be kept in a central location or on the respective machines for easy access.

    List of licenses should be maintained and documented.

    F. Assets Management

    Asset management policy including change management to be prepared and implemented.

    Assets should be tagged with unique asset ID and updated monthly or immediately when any changes are made.

    A process for machine allotment to be reviewed and documented.

    A standard desktop configuration policy for software and hardware should be prepared.

    G. Power Conditioning

    Do desktop machines have power backup?

    UPS units with non-working batteries to be repaired to protect against power outages and impurities.

    Do servers have power backup? What is the duration of backup?

    Are servers configured to shut down automatically on low battery?

    UPS should be covered under warranty and regular health checkup to be done by authorized personnel.

    Does all network equipment have power backup?
