Umbrella IT Group - Managed Services Provider in Jacksonville Florida

Managed Service Audit and Plan

Umbrella IT Group - UCONNECT Complete MSP Services About
Umbrella IT - UCONNECT Complete -Managed Service Audit and Plan

The Comprehensive Audit

Effective plans of action begin with thorough understandings.

During the discovery and audit process, we compare your infrastructure to lists of must-have security controls and verify the use of modern, scalable, and reliable solutions within your business.

The Aduit is not a traditional, complete risk assessment, but it touches on many of the points that are identified by a typical organizational risk assessment. We zero in on factors such as IT solution cost effectiveness, deficiencies in company operations and information security, and other key systems administration points we refer to as "Industry Best Practices".

This Audit has been developed based on various regulatory bodies’ recommendations and security frameworks - including CIS (Center for Internet Security), NIST (National Institute of Standards and Technology), ISO (International Standards Organization), PCI, HIPAA, and many others.

What's Involved?

The UCONNECT Complete Audit will check for best practices in areas such as:

  • Public and Private facing Networks, Domains, and Websites
  • Servers, Equipment, Endpoints, and Applications
  • Identity Management Providers (IDP) and User Access Management (IAM)
  • Cloud Service Providers, Productivity, and Email Systems
  • Vendor Services Provided and their Cost-Effectiveness
  • Business Sector Regulatory Compliance Adherence
  • Resiliency against a light, Simulated Penetration Test
  • Security Controls and Written Information Security Policy (WISP)

The scope, level of detail, and resolution of this audit are tailored to fit the specific industry and ultimately to meet the modern benchmarks and standards in information security. The standards to meet may vary slightly, based on client infrastructure and the kind of services the client provides. For example, clients in the healthcare, financial or government industries, there are several compliance policies required to adhere to which may not apply to a manufacturing or services business and vice-versa.

The audit is required in order for us to successfully implement UCONNECT Complete. Every client is different, so performing an audit makes sure that you aren’t getting a cookie-cutter solution from us, but rather a tailored, white-glove experience.

Umbrella IT Group - UCONNECT Complete MSP Services About

COMPLETE

Audit Breakdown

NETWORK

  • External attack surface reduction
  • Policy-Based firewall and network infrastructure
  • Hardened VPN and Client Access rules
  • LAN policies, Wi-Fi, and Switching Equipment controls
  • DNS Filtering
  • IPS/Network Analysis Systems
  • Age and overall health of Network Equipment

SERVER / EQUIPMENT

  • Age and overall health of Server hardware and Server OS
  • Age and overall health of Workstation hardware and Workstation OS
  • Hardware and Software Inventory Management
  • GPO / Intune / Other - Security Policy Hardening Rules
  • Patching and Update Policies

IDENTITY MANAGEMENT

  • IDP Provider Security & Inventory of Accounts
  • Access Granting / Revoking Controls
  • Rights, Privileges, and permissive access controls in IDP for all network resources
  • IDP and Group Policy Auditing and logging
  • Password Policies, rotation, retention, Default Account Elimination
  • Conditional Access / MFA for all user accounts

CLOUD APPS & SERVICES

  • Email System / Microsoft 365 / SPF-DKIM-DMARC
  • Email Practices, Encryption, and Advanced Threat Protection
  • File storage / Sharing services controls
  • Communication and productivity platform controls
  • Line-of-Business Applications controls

ENDPOINT SECURITY

  • Endpoint Detection and Response Products
  • Application White-Listing and Anti-Evasion Controls
  • Vulnerability and CVE Discovery for Windows and 3rd Party Software
  • Endpoint Log Aggregation

BACKUPS

  • Cloud Application Backups
  • Reliable Onsite Backup as well as Off-Site Cloud Backup
  • Contingency and Disaster Recovery Planning

OTHER SECURITY POLICIES

  • Employee Security Training Policies for Phishing, Malware, and Security
  • BYOD Policies and security controls
  • Data Loss Prevention Controls
  • Business sector / Regulatory Compliance
  • Company credential manager for end-users

LONG-TERM INITIATIVES

  • Cloud Application Backups
  • Reliable Onsite Backup as well as Off-Site Cloud Backup
  • Contingency and Disaster Recovery Planning

WRITTEN POLICIES

  • Establish an Inventory of Service Providers / Management Policy / BAA's
  • High-Value Target Objectives and Disaster Recovery Process
  • Incident Response Procedures
  • Employee Training and Skills Policy
  • Acceptable usage of corporate assets policy
  • Change Management and Configuration Process
  • Ongoing Vulnerability Management Processes
  • Employee Onboard/Offboarding Procedure
  • Employee/Contractor BYOD and remote work policy
  • Third-Party Annual Risk Assessment

Audit Package Options

Domain and DNS Checks

Service
Industry
Small
Business
Enterprise
Essentials
DNS Records Checks and verification
MX, SPF, DKIM, and DMARC
DNS Security and bot protection proxy
Host A, AAA, CNAME, and others
Domain Controller health and replication
Overall domain health and functional level status

Website and Public Facing Infrastructure

Service
Industry
Small
Business
Enterprise
Essentials
Public Facing Infrastructure Enumeration and Port Scanning
Conditional Access, Geofencing
Plugin Security, Updates, and AV Scan
Vulnerable Application Enumeration
Full External Penetration Test

Local Network and Infrastructure

Service
Industry
Small
Business
Enterprise
Essentials
DNS Forwarders and reverse lookups
Router / Firewall and Network Equipment Health
Firewall policies, LAN policies, and Switching equipment controls
Wireless Client Access Rules and Guest WiFi Policies
VPN and Client Access rules
IDS Network Analysis
Full Internal Penetration Test

Identity (User) Management

Service
Industry
Small
Business
Enterprise
Essentials
IDP Security Controls Standard Checks
User Access Granting / Revoking Controls
IDP and Group Policy Auditing and logging
GPO / Intune / Other - Security Policy Rules
Rights, Privileges, and permissive access controls in IDP
Password Policies, Rotation, and Account Retention
Conditional Access / MFA for all user accounts
Communication and productivity platform controls

Endpoints, Services, and Applications - EMAIL

Service
Industry
Small
Business
Enterprise
Essentials
Basic GSuite, M365, or other Email platform health checks
MFA and Basic Security Configuration
Advanced M365 Configurations and hardening
BYOD Policies and security controls
Email Practices, Encryption, and Advanced Threat Protection
Data Loss Prevention Controls
Data Control, Encryption, and Data Protection Policies

Endpoints, Services, and Applications

Service
Industry
Small
Business
Enterprise
Essentials
Age and overall health of Workstation hardware and Workstation OS
Endpoint Log Reviews
Basic Endpoint and Application Backup Checks – Local and Offsite
Patching and Update Policies
Endpoint Detection and Response Products
Application White-Listing and Anti-Evasion Controls
DNS / Network Filtering
CRM/PSA Security checks
All Backup Integrity and Health Checks
Age and overall health of Server hardware and Server OS
File storage / Sharing services controls
Database health checks
Vulnerability and CVE Discovery for Windows and 3rd Party Software
Incident Response and High-Value Disaster Recovery Checks

Business Sector / Regulatory Compliance

Service
Industry
Small
Business
Enterprise
Essentials
Inventory of Service Providers / Management Policy / BAA's
Vendor Solutions and Services Audit and Negotiations
PCI, HIPAA, PII, and record security/management
Company Credential Management
Regulatory Risk Assessment
Cyber-Breach Insurance
Written Policies Security and Company Policies

Copyright © 2024. Umbrella IT Group. All rights reserved.

Privacy Policy and Terms. Powered by Loomo.