1
IT Governance
IT governance sets the foundation for an enterprise’s IT security posture. It requires an IT steering committee; IT policies, procedures, standards, and guidelines; and performance measures and metrics.
MUST-HAVE ITEMS
MODERATELY SECURITY-FOCUSED
EXTREMELY SECURITY-FOCUSED
1/1 IT Governance (Click Box If Yes)
2
WAN/MAN
Wide area networks are primarily associated with organizations that have multiple remote physical locations requiring direct connections to the enterprise’s core network. This section focuses on security measures and controls surrounding WAN and MAN.
MUST-HAVE ITEMS
MODERATELY SECURITY-FOCUSED
EXTREMELY SECURITY-FOCUSED
1/1 Remote Organization Location (Click Box If Yes)
3
Internet
All organizations have an Internet presence, Internet access, and third-party connections, such as connections to cloud providers and strategic partners. This section focuses on the security and controls surrounding an organization’s Internet presence.
MUST-HAVE ITEMS
MODERATELY SECURITY-FOCUSED
EXTREMELY SECURITY-FOCUSED
1/5 Internet Presence (Click Box If Yes)
2/5 Remote User Access (Click Box If Yes)
3/5 Site-to-Site VPN (Click Box If Yes)
4/5 Cloud Providers (e.g., Office 365, Box, Google, and Salesforce) (Click Box If Yes)
5/5 Remote Vendor Access (Click Box If Yes)
4
ISP and Next-Generation Firewall
All organizations with Internet access have an Internet service provider (ISP) and a firewall to protect IT assets from bad actors on the Internet. This section provides important security measures and controls related to the ISP and the Internet-facing next-generation firewall.
MUST-HAVE ITEMS
MODERATELY SECURITY-FOCUSED
EXTREMELY SECURITY-FOCUSED
1/2 Internet Router – ISP-Managed (Click Box If Yes)
2/2 Next-Generation Firewall (Click Box If Yes)
5
Web Application
Many organizations enable customers to interact with them via a web application. Securing web applications has become a critical component of securing an enterprise’s overall technology environment. This section provides basic controls for securing web applications.
MUST-HAVE ITEMS
MODERATELY SECURITY-FOCUSED
EXTREMELY SECURITY-FOCUSED
1/2 Web Application Firewall (Click Box If Yes)
2/2 Web Applications – User Provisioning (Click Box If Yes)
6
Core Router and WiFi
In this section of the questionnaire, we begin to evaluate the security posture of the internal network. This starts with ensuring that the core of the network is secure. A properly configured core network router/switch is the starting point of a secure internal computing environment.
MUST-HAVE ITEMS
MODERATELY SECURITY-FOCUSED
EXTREMELY SECURITY-FOCUSED
1/2 Enterprise Core Router (Click Box If Yes)
2/2 Enterprise WiFi Network (Click Box If Yes)
7
Active Directory
Typically, a network has a directory service technology, such as Active Directory, and a network access control (NAC) solution. In addition, there is an access layer switch, with defined user VLANs. This section provides important security measures and controls related to Active Directory, NAC, and access-layer switching.
MUST-HAVE ITEMS
MODERATELY SECURITY-FOCUSED
EXTREMELY SECURITY-FOCUSED
1/4 Active Directory (Click Box If Yes)
2/4 NAC (Click Box If Yes)
3/4 Distribution-Layer Switch (Click Box If Yes)
4/4 User VLAN (Click Box If Yes)
8
Server Farm VLAN
The final section of this high-level hardened enterprise network assessment focuses on enterprise applications and network storage. Effective data security is one of an enterprise’s most valuable assets. These questions provide insight into how the enterprise protects its data.
MUST-HAVE ITEMS
MODERATELY SECURITY-FOCUSED
EXTREMELY SECURITY-FOCUSED
1/3 Server Farm VLAN (Click Box If Yes)
2/3 Enterprise Applications (Click Box If Yes)
3/3 Enterprise Storage (Click Box If Yes)

ASSESSMENT COMPLETED!

Thank you for completing the high-level assessment.

We hope you find this information helpful in improving the security posture of your technology environment. If you have any questions, please contact us