Professional Documents
Culture Documents
ASSESSMENT
QUESTIONNAIRE
SITE NAME: KINIHIRA Provincial Hospital
DATE:29/01/2024
Logical LAN/WAN
# Query Response
1 Is this a hub site or spoke (branch) site? Hub site
2 Do you have network documentation for the No document
deployed LAN/WAN infrastructure?
3 Do you have network topologies (diagrams) for the No
LAN/WAN?
4 Is the LAN segmented and how many segments Not segmented
exist (identify the segments’ role and their
respective VLAN IDs?
5 What are the IP subnets used in the LAN? NA (BSC)
6 What are the IP subnets used for the WAN & NA (BSC)
Internet peering?
7 Are there any remote access VPNs configured for None
teleworkers/remote workers?
8 Are there any site-to-site VPNs configured None
for connections to other institutions?
9 Which device is used to terminate the above VPNs? N/A
10 Are there any QoS policies configured to enhance None
the performance of the WAN?
11 Are there any WAN acceleration tools used to None
enhance the performance of the WAN (specify the
model and quantities where applicable)?
12 Does the network infrastructure have an active No
AMC (annual maintenance contract) for technical
support and preventive maintenance purposes?
Comments:
The hospital doesn’t have any LAN segmentation.
Routers
# Query Response
1 How many routers have been deployed? 0
2 What are the roles for each of the deployed routers ie None
Internet edge or WAN edge or Internal?
3 What is the router hardware models (specify N/A
manufacturer name and exact firewall model)?
4 What software version is running in each of the N/A
firewalls?
5 Which routing protocols have been configured and in N/A
use?
6 What is the port/interface density for each of these N/A
routers (specify for both copper and fiber ports where
applicable)?
7 What are the interface speeds (specify for both N/A
copper and fiber ports where applicable)?
8 Have the routers been configured to export their N/A
audit logs to a central repository that can store the
logs for a longer duration for purposes of incident
response and forensics?
9 Are the routers integrated into a NOC (Network N/A
Operations Centre) platform for centralized
operational management and monitoring?
10 Are the routers integrated into a SOC (Security N/A
Operations Centre) platform for centralized security
monitoring and response?
11 Do you have Role-Based Access Control (RBAC) N/A
enabled for user accounts that have administrative
access to the router(s)?
12 For the management of the routers, do you have a N/A
centralized network authentication, authorization and
Comments:
Switches
# Query Response
1 How many switches have been deployed? 9
2 What are the switch models (specify manufacturer Cisco catalyst 2960 series,
name and exact switch model)? DLINK DES-1024d
3 What is the software version running on each these NA
switches?
4 What is the copper (Base-T) port density for each of 24 Port
these switches?
5 What is the fiber port density for each of these 4
switches?
6 What is the port speed for the copper (Base-T) ports? 100Mbps
7 What is the port speed for the fiber ports? 100Mbps
8 How many ports have been utilized (specify for both
copper and fiber)?
9 Have the switches been configured to export their None
audit logs to a central repository that can store the
logs for a longer duration for purposes of incident
response and forensics?
10 Are the switches integrated into a NOC (Network No
Operations Centre) platform for centralized
operational management and monitoring?
11 Are the switches integrated into a SOC (Security No
Operations Centre) platform for centralized security
monitoring and response?
Comments:
All switches should be replaced to be updated to the latest.
Comments:
Comments:
Referring to guideline on minimum bandwidth for Broadband Internet Connectivity in is still in need to upgrade the
used bandwidth in range of 140-161 users.
Comments:
Comments:
Comments:
Business Continuity
# Query Response
1 Do you have an established and documented Yes
data recovery process that stipulates what data
should be backed up, the frequency of backup
and the backup data retention period?
2 Do you have a full-fledge disaster recovery site No
that can be fully operational in the event the
primary data center goes offline?
3 Do all the remote sites have an active network N/A
access to both the primary and disaster
recovery site?
4 Is the failover process between the primary No
data center and disaster recovery site fully
automated?
5 Are the applications/systems hosted in the no
data centers accessed via their FQDNs or actual
IP addresses?
Comments:
Comments:
Comments:
Endpoint Security
Specify if there is any endpoint security installed on the user computers used to access the core
digital systems for operations
# Query Response
1 Do you have a standard endpoint detection and Yes Kaspersky
response security tool installed across all the
corporate computers? Specify the tool.
2 Which security features does the endpoint security Kaspersky endpoint security for windows
tool support?
3 Which security features of the endpoint security Kaspersky endpoint
tool are being actively used?
4 Does the endpoint security tool support software yes
whitelisting capability that only allows authorized?
software to execute on end user computers?
5 Does the endpoint security tool have a remote wipe No
capability in the event that the device is stolen or
lost to avoid loss of sensitive data?
Comments:
Comments:
Comments:
Comments:
Comments:
Sound Systems
# Query Response
1 Do you have a sound system implemented? No
2 What is the role/purpose for the sound No
system?
3 What is the model of the sound system? None
4 Who manages the operation and N/A
maintenance of this sound system?
5
Comments:
Comments:
Comments:
Comments:
Comments:
Comments:
Comments:
Comments: