Basic Level Security Assessment
The Basic Level Security Assessment service is designed for most of the SMB companies. These businesses typically do not have sophisticated compliance needs, don’t have internal IT staff, and may not be able to afford or require any type of enhanced services. This blueprint balances the level of effort required for us to perform the assessment on a regular basis.
FREQUENCY
DETECTIVE
DELIVERABLE
PURPOSE
-
INITIAL / ANNUAL
-
Network Security
-
Network & Security Risk Reports
-
Management Plans
-
Full Detail Report
-
External Vulnerability Summary
-
Establish a baseline assessment.
-
Refresh the baseline on annual basis.
-
Provides network documentation.
-
MONTHLY
-
Network Security
-
Baseline Management Plan
-
Risk Reports (Change)
-
Management Plans (Change)
-
Full Detail Change Report
-
External Vulnerability Summary
-
Show progress in issue remediation with Baseline reports.
-
Show new issues and re-prioritize with change reports.
-
Identify significant network changes that may affect monitoring and management.
-
QUARTERLY
-
Network Security
-
Network & Security PowerPoints
-
Quarterly Business Review Report
-
Interactive review of significant changes in a digestible fashion.
-
Identify new projects and initiatives.
Required Tasks
All work for the Basic Blueprint can be performed remotely. This significantly minimizes the cost of performing the assessments.
Estimated Time
There are advanced tools available that can automate most of the work, but if performed manually, but our technician time would be typically 30-60 minutes per month per client, with one hour each quarter for the interactive review. Additional automation techniques can reduce the required effort to only the interactive review.
Perform Scans
Initial/Annual/Monthly/Quarterly
1. Remote onto a server or workstation in the client’s network.
2. Download and run the Network/Security Data Collector to perform a Network Scan.
3. Download and run the Network/Security Push Data Collector to run local data collections on the connected computers.
4. Initiate an External Vulnerability scan from the Network Detective application.
Report Review and Delivery
Reports will be generated per the blueprint based on the frequency. The Initial/Annual and Quarterly reviews will be done interactively either in person or online. Monthly reports can be delivered electronically to our clients and reviewed as needed. On a monthly basis, our Iron Defence Security Consultant will review the set of generated reports, focusing mostly on the change reports, and looking for new issues in the Management Plans.