For organisations wishing to get to grips with cyber security, or for more advanced organisations seeking to validate and develop their existing security stance, the IT Health Check is a sensible starting point. It provides a broad, overarching snapshot of the current status of cyber security within an organisation. Looking across strategy, processes and deployed technologies, it seeks to identify vulnerabilities, categorise risk and recommend remediation, which can help inform business planning.
As recommended by the UK Government, the IT Health Check will involve vulnerability scanning and manual analysis of your internal network. Depending upon your organisation’s systems, it should include:
• Desktop and server build and configuration, and network management security.
• Patching at operating system, application and firmware level.
• Configuration of remote access solutions (including solutions for managed devices and BYOD).
• Build and configuration of laptops and other mobile devices such as phones and tablets used for remote access.
• Internal security gateway configuration (including any PSN gateway).
• Wireless network configuration.
In addition, we also advocate that the check cover:
• A desktop review of strategy and key policy / process documentation.
• A desktop review of organisational compliance with the standards of professional or regulatory bodies.
• Demonstrates clear intent to Regulators regarding the organisation’s engagement in cyber security.
• Provides assurance and identifies areas requiring further attention, which helps inform:
◦ Business Planning
◦ Continuous Improvement initiatives
• Can be a prerequisite for some regulatory accreditations.