Security assessment

Network Security

The goal of network security is to protect a network and the resources accessed through it from unauthorized access, while also ensuring that employees have adequate access to the network and resources to do their work.
A network security system typically relies on layers of protection and consists of multiple components, including network monitoring and security software in addition to hardware and appliances.
All components work together to increase the overall security of the computer network.

System Security

Who owns and has access to the system? How can the system be accessed (network, modem, wireless, etc.)? How are IDs and passwords managed and controlled? Are root and admin passwords changed and managed appropriately? Are system logging and audit functions active? What are the procedures for monitoring system logs? Does the OS configuration conform to corporate policy and requirements? What are the procedures for applying security patches, virus updates, etc.?

Application Security

Who owns and is responsible for the application? What application security mechanisms (access controls) are in place? What data does the application use? What information does the application create? Is this information appropriately classified and protected? How is the application integrated into other security components (such as using authorization, external access controls, and centralized logging/monitoring)?

Data Security and Classification

What data is being incorporated into the project? What is the sensitivity (classification) of the data? Are data protection mechanisms set commensurate with the sensitivity of the data? Who will have access to the data? What access controls are in place? According to policy, what are the encryption requirements for the data (in storage, in transit, etc.)?



Recovery Mechanism

A Disaster Recovery Plan (DRP) is essential. These types of plans should focus on communications to employees and customers and any potential workarounds and methods to distribute additional information. You may never be able to prevent a DoS attack, but you can be ready if (or when) you are subjected to one.

Assessing External Third Parties

Increasingly, corporate projects involve external parties either through some sort of network connection, access to data in a DMZ, or simply sending data over the Internet for external processing. Security assessments for these types of projects can be much more challenging