general IT infrastructure

The purpose of a general audit is getting information on IT infrastructure, way of using it and connected procedures.

In further stages of work it will make possible performing detailed internal audit of information security. Usually, general audit covers the following areas:

  • Access to rooms with IT resources – server room and other rooms where are installed elements of net (active devices, etc.),
  • Basic hardware-system resources serving net applications (mainly servers and active devices of LAN net),
  • Ways of access to net applications (main communication protocols),
  • Access to Internet inside a company (active devices of WAN net, protocols, methods of authorization),
  • Access to application resources inside a company by external users (VPN connections, methods of authorization),
  • Systems of data archiving – procedures of data using and recovering and procedures of emergency recovery of environment after a failure,
  • Information on number and kind of work stations.

 

The result of the audit is a detailed report including information obtained during audit, among other used operation systems, services, their versions, along with indicated potential risks and guidelines on suggested ways of protecting them (e.g., updating, improving configuration).