What are the general components to review, from an IT point of view, in the event of a merger or acquisition? A thorough technical security assessment and audit should be conducted on-site to provide assurance on the following:
Confirmation of whether trojans, worms, viruses or spyware already exist on the office servers and PCs. Very damaging viruses or trojans can infect your network and may spread via e-mail, FTP and shared network drives. They can also be carried in on portable hard disks, USB thumb drives, DVDs and CDs by office personnel.
Confirmation of whether there is a firewall. Firewalls provide more flexibility and capacity expansion in the network design. If there is a business requirement to have Internet-facing servers, a firewall allows the creation of a separate network segment to house these servers while still providing network security.
Assurance that there are no weak points in the network, e.g. modems connected to the servers and PCs. These can be a backdoor for intruders to penetrate the office network.
Other security controls, such as confirmation of whether the wireless network is encrypted, whether unnecessary services are running on the servers, whether only authorized personnel have access to critical data (not everyone!), and whether non-business software that may carry viruses is installed.
Existence of a Security Policy
The responsible IT personnel can then provide more information on the state of IT security in the offices, and a more detailed proposal if additional or reconfigured servers, applications and equipment such as UPS, gen-set and fire suppression system are needed to better support the business.
A more detailed study to review whether the existing servers and storage systems are capable of supporting the current business requirements and future expansion.
This is my view of a Security Assessment based on my experience of setting up IT strategies of merging companies. Of course there will be a lot more information to review once the on-site audit/assessment is carried out. An IT Auditor/Security Consultant can then provide a more precise recommendation on the most feasible plan for the merger.
Gabriel Ng is a professional IT Security Consultant, IT Auditor (CISSP) and author of [http://www.comsectutorial.com]. This site is set up to provide information and recommendations on hacking prevention and controls to minimise security threats from viruses, trojans, spyware and hacking, based on real-life experience gained while conducting security assessments and penetration tests.