Technology assessments are a smart place to start to make sure your organization’s infrastructure continues to run smoothly.
And just like there are emissions and mechanical inspections for your car, different kinds of assessments reveal different types of gaps:
Network Assessment is a comprehensive cataloguing of your existing network
Risk Assessment provides a comprehensive evaluation of information security risks
Vulnerability Assessments identify vulnerabilities and configuration issues hackers may exploit to penetrate the network
Assessments can help you understand and identify gaps in your organization’s security, compliance and backup:
Is your IT infrastructure vulnerable or lacking in any areas?
Are there unnecessary elements in your infrastructure that do not align with your company goals and mission?
Are you in compliance with applicable regulations?
Can you defend against security threats?
Is your infrastructure able to be restored in the event of a system outage or data breach?
Because the gaps revealed by an assessment can feel overwhelming (networks are often complex), prioritization according to the stoplight analogy is helpful to set a path forward. The stoplight method categorizes gaps or vulnerabilities into red, yellow and green assignments based on severity.
Focus Your First Attention and Resources on the Critical Issues First
The highest risks and vulnerabilities come first, such as:
Login attempts, successful logins and network access by former employees or third parties
Unsecured remote connections
Undocumented networking procedures
Gaps that are less urgent come next, such as:
Incomplete multi-factor authentication
Automated patching system failure
Outdated antivirus software
More permissions access than users require to perform duties
Non-critical recommendations are last, such as:
Computers with operating systems that are nearing the end of their extended support period
Persistent issues with on-premises syncing
The Importance of Prioritizing Gaps
Most businesses cannot allocate the resources to address every exposed gap at once. But you will be shown gaps that cannot wait. There will be gaps that can wait till the crucial issues are resolved; plan to address these when allocating resources in the near term. Last, there are the lowest-priority vulnerabilities; implement measures to correct these after fixing the high- and medium-priority issues.
Scheduling according to severity means you’ll focus your resources where they’ll make the biggest difference. Correspondingly you won’t end up spending time and money on non-essential issues. Also prioritizing gaps increases uptime as the entire network won’t be down for maintenance at the same time.
For guidance in assessments and your map forward consider collaborating with Bryley. Since 1987 Bryley has been assessing infrastructure and has a record of keeping vulnerabilities from becoming catastrophes. For more information about Bryley’s approach, please contact us at 978.562.6077 or ITExperts@Bryley.com.