The first step in securing your network is to identify the vulnerabilities and the risks associated with them. The Risk Treatment Plan is based on the overall security framework and on the risk and vulnerability assessment. Risk treatment is the process of selecting and implementing measures to mitigate the risks identified earlier. We shall help your COMPANY decide the approach it will take to manage the vulnerabilities and determine the degree of risk that it is prepared to accept. We shall assist the technical team in formulating effective vulnerability mitigation and resolution to address the vulnerabilities associated with the assets of the organization. This will be done by recommending industry best practice controls and establishing procedures for your company to mitigate these risks.

The vulnerability assessment activity will address the security of different layers of technology according to the following diagram. Several technology elements address more than one layer.

[Figure: Example of Technology Element. Labels: GRC; Network Security; Physical; AAA; Dialup Access; Firewall; VLAN; Fire Detection & Protection; CCTV; Access Control; Power; Air Condition; Cabling; (UPS, Management)]
Specifically, the scope to be implemented during SPA Services is described below.
3.1 Network Architecture Review
We will perform activities such as:
• Map the current network infrastructure implementation against the documented architecture.
• Review the configuration and setup of network security perimeter devices such as firewall, Intrusion Prevention/Detection System, Load Balancer, and VPN Gateway.
• Review network equipment configuration and setup such as router and switch.
• Review VLAN setup and configuration
• Scan one selected user VLAN segment for any malicious activity and configuration.
• Spoof the selected VLAN segment to monitor traffic in the network.
3.2 ICT Security Physical Assessment
Security assessment normally been ignored