IT Security Assessment Checklist
CUSTOMER NAME
AUDIT BY
№ OF ENDPOINTS
ASSETS
Hardware (in-house)
Condition Problem Result
Hardware (remote)
Condition Problem Result
Software (in-house)
Condition Problem Result
Web applications
Condition Problem Result
Bandwidth restrictions
Condition Possible threat Mitigation
VULNERABILITIES / THREATS
RMM
Condition Possible threat Mitigation
Servers
Condition Possible threat Mitigation
Internet connection
Condition Possible threat Mitigation
Firewalls
Condition Possible threat Mitigation
Content filters
Condition Possible threat Mitigation
Remote desktops
Condition Possible threat Mitigation
Billing system
Condition Possible threat Mitigation
Credentials
Condition Possible threat Mitigation
Third-party applications
Condition Possible threat Mitigation
Network infrastructure
Condition Possible threat Mitigation
Security configuration
Condition Possible threat Mitigation
SECURITY 1/2
Default passwords have been disabled
Condition Possible threat Mitigation
Password strength
Condition Possible threat Mitigation
Antivirus
Condition Possible threat Mitigation
Content filter
Condition Possible threat Mitigation
Remote desktops
Condition Possible threat Mitigation
Patching
Condition Possible threat Mitigation
Encryption
Condition Possible threat Mitigation
Verified software
Condition Possible threat Mitigation
SUGGESTIONS
Policy amendments
Condition Possible threat Mitigation
Changes in procedures/operations
Condition Possible threat Mitigation
NETWORK
Wireless access point
Condition Problem Result
Firewall
Condition Problem Result
Switches
Condition Problem Result
IP addresses management
Condition Problem Result
Network configuration
Condition Problem Result
RMM
Condition Possible threat Mitigation
SNMP
Condition Possible threat Mitigation
WORKSPACE AND EQUIPMENT
Up-to-date workstations
Condition Possible threat Mitigation
Remote endpoints
Condition Possible threat Mitigation
Disk space
Condition Possible threat Mitigation
Patching
Condition Possible threat Mitigation
Printers/scanners
Condition Possible threat Mitigation
Total workstations
NOTES
USER ACCOUNTS
Authentication is mandatory for all users
Condition Possible threat Mitigation
Shared accounts
Condition Possible threat Mitigation
MFA
Condition Possible threat Mitigation
NOTES
DOCUMENTATION
Regulatory compliance (e.g. HIPAA)
Condition Possible threat Mitigation
Privacy policy
Condition Possible threat Mitigation
Password policy
Condition Possible threat Mitigation
BYOD policy
Condition Possible threat Mitigation
Warranties
Condition Possible threat Mitigation
Licensing
Condition Possible threat Mitigation
Document maintenance
Condition Possible threat Mitigation
SERVERS AND EQUIPMENT
Modern servers
Condition Possible threat Mitigation
Power supply
Condition Possible threat Mitigation
Storage capacity
Condition Possible threat Mitigation
Server racks/cabinets
Condition Possible threat Mitigation
NTP servers
Condition Possible threat Mitigation
Patch management
Condition Possible threat Mitigation
DHCP
Condition Possible threat Mitigation
Wire management
Condition Possible threat Mitigation
Physical security
Condition Possible threat Mitigation
Temperature control
Condition Possible threat Mitigation
Proper labelling
Condition Possible threat Mitigation
Workstations equipped
Condition Possible threat Mitigation
EOL dates
Condition Possible threat Mitigation
TOTAL SERVERS
Total servers
NOTES
DATA MAINTENANCE
Software used
Condition Possible threat Mitigation
RTO/RPO
Condition Possible threat Mitigation
Frequency of backups
Condition Possible threat Mitigation
Backup destination
Condition Possible threat Mitigation
Encryption
Condition Possible threat Mitigation
№ of data copies
Condition Possible threat Mitigation
Retention time
Condition Possible threat Mitigation
NOTES
QUESTIONS TO ASK
1. Do you have a security plan? How many times per year is it reviewed? Who has access?
Comments