Below you will find a short list of questions that must be presented to your technical advisor. If most questions cannot be answered, your security may be minimal or non-existent and therefore it may be at jeopardy. The average computer consultant may not be able to demonstrate the skills required to implement and complete these technical applications. From our experience, many consultants profess that “your network is secure”. The truth of the matter is “Is it really”?
Authentication:
Is access to the company’s resources authenticated on both the user and networking layer?
Are devices that are connected to the company’s network authenticated?
Is local traffic and traffic to critical company resources authenticated?
Are users authenticated?
Is your network and system administrative resources segregated and protected?
Do you have any security to authenticate traffic to/from a public network?
Local Hosts:
What will happen if one of the hosts is compromised?
Will your network detect if one of the hosts is compromised?
What will happen if one of the VPN hosts is compromised?
Encryption:
Are the PC’s storage devices on the company’s network encrypted?
Are the backup devices encrypted?
Cloud:
Is access to cloud resources authenticated?
What type of security was implemented on the cloud side?
Is any intrusion detection implemented on the cloud side?
Local Wi-Fi:
Is WI-FI security implemented?
Is guest access on my WI-FI segregated from critical resources?
Do we have device authentication on my employee WIFI network?
VPN:
Do you have any security for VPN users who access company resources from a public network?
Are my VPN devices and VPN users authenticated?
Are remote VPN users locally connected to a secure network?
What will happen if one of the VPN hosts was compromised?
Hand-held devices:
Do my hand-held devices have access to any of the company’s critical resources?
Do my hand-held devices have access to any cloud resources?
Are my hand-held devices storing any of the company’s critical data?
Is the storage on the hand-held devices encrypted?
Disaster Recovery:
What would be a recovery procedure if you find out that your network has been breached?
Logs:
Do you have any access logs for forensics if your network was compromised?
Do your cloud resources collect access logs?
Is my email encrypted?
Is Office 365 security implemented?
Are Office 365 users authenticated?
Security and vulnerabilities
Has my network been scanned for vulnerabilities?
Have any of my network devices been scanned for vulnerabilities?
PC’s
Are latest security patches installed on PCs and devices on the company’s network?
Do you have any patch control and visibility for PCs on the company’s network and remote PCs?