Why is it important to combine an infrastructure survey with an information security survey?
A combination of an infrastructure survey and a security survey provide complementary information that an organization needs to effectively manage and protect its IT environment.
An infrastructure survey provides important information about the technical aspects of the organization's IT environment, such as the existing hardware, software and network components. This information is essential for identifying performance issues and ensuring that an organization's IT environment can support its current and future business needs.
A security survey, on the other hand, provides important information about the organizational and procedural aspects of the organization. This includes identifying risks, vulnerabilities and threats, as well as evaluating the organization's security policies and procedures.
This information is essential to ensure that the organization's assets and critical systems are protected, and that the organization complies with the relevant regulations and standards.
Combining the information provided from both an infrastructure survey and a security survey allows an organization to get a comprehensive view of its IT environment, and make informed decisions about the best way to protect and manage its IT resources.
Both surveys are essential in order to ensure the continuity of the business and to prevent any violation or failure that may cause damage to the organization's reputation, financial loss and even legal problems.
During the infrastructure survey, the following areas are usually examined:
• Network infrastructure: This includes routers, switches, firewalls and other network components.
• Server infrastructure: This includes servers, storage devices, and other hardware used to support the organization's IT environment.
• Desktop and mobile infrastructure: This includes desktop computers, laptops and mobile devices used by employees and other end users.
• Software infrastructure: This includes operating systems, applications and other software used to support the organization's IT environment.
The survey will include a review of the IT architecture, including the logical and physical layout of the organization's network, as well as the organization's IT management, including the existing policies and procedures for managing and protecting the organization's IT resources.
During the security survey, the following areas are usually checked:
• Network security: This includes the organization's firewall, intrusion detection and prevention systems, and other network security controls.
• Security policies and procedures: This includes the organization's security policies, procedures, and standards, as well as the management and oversight of these policies and procedures.
• Access Controls: This includes the procedures and controls in place to ensure that only authorized individuals have access to the organization's IT resources.
• Incident Response and Disaster Recovery: This includes the organization's incident response and disaster recovery plans, as well as the procedures and controls in place to implement these plans in the event of a security incident or disaster.
The survey combines experts in a variety of fields such as: administrative and technical information security, communications, firewalls and systems.
Author: Zabri Idan, VP of expert services and information security at Genie