Company Name IT Infrastructure Assessment

Version 1.0 (draft)

Prepared by: Fahad Ansari Brisk Technovision

Document Information

Internal Use Only

Document Title Prepared By Version Related Documents Approved By Introduction

Gap Analysis and suggestions Fahad Ansari 1.0 Draft Gap Analysis Report, Network Diagram Name and Signature of Approval Authority

Purpose of this gap analysis report is to identify gaps in IT Infrastructure, process and service mechanism to help prepare action plan for corrective and preventive measures to optimize IT infrastructure. Based on gap Analysis report and Current IT Infrastructure Audit we summarize Findings, suggestions and action required as followings. A. Core Network Infrastructure 1. Physical / Topology. 2. Internet. 3. Mailing system 1. Physical / Topology. Network Topology Diagram needs to be prepared with details including equipment Location, Asset ID, Network Assets should tagged as per asset guidelines Uplink Cables, backbone cables and critical users cables should be labeled and documented. Switch is to be kept in dust free environment with adequate cooling. Switches and other network devices should have Power Backup. Type of IP addresses Static / Dynamic. IP address assigning policy of users, ranges of IP. IP addresses of switches, routers, printers, servers, critical users, visitors etc. Excluded IPs for future requirement. Naming standardization of host and other network equipments.

2. Internet. Which configuration has done for internet sharing? Access details for users on internet.

Internal Use Only

Limitation of users over internet. Firewall / content filtering process. Authentication to use internet. Backup for internet failure. Redundancy for internet link. Bandwidth and type of internet.

Security & Access Control B1. Security. 1. 2. 3. 4. Antivirus. Internet and Firewall. USB / Remove able devices. User Passwords.

B2. Identity and Access Control. 1. Antivirus. Which antivirus is running? Antivirus is centralized or not? Updating policy. Are users able to disable antivirus? Filtering policies running on Antivirus? Is password requiring for Antivirus in the behavior of disabling, modification, uninstall etc? Virus status on nodes and server.

2. Internet and firewall. Internet usage policy for users. Bandwidth or size allocation. Any firewall is present for internet. Firmware updation / license of firewall. Type of firewall hardware / software. Policies defined on firewall has documented or not? Support details of Internet & Firewall. Backup of Internet on failure.

3. USB / Remove able devices.

Internal Use Only

Are USB enabled for users. Is there any scanning happening during USB connection? IEEE (Mobile) cables are protected or not.

4. User Passwords. Policies for passwords are documented? Is there any policy to change password periodically. Users have different password or the same password? Requirements for password creating.

B2. Access control and identity 1. ADS. 2. Sharing and access. 3. User management. 1. ADS. Is active directory maintained for centralized the infrastructure Access controls of users are documented? Users have different password or the same password? Backup domain is configure incase for parent domain failure.

2. Sharing and access. Is the sharing centralized? Are users permitted to manage local machine share access? Is there any policy for sharing and access? Permissions on server share.

3. User management. Polices of users should be documented. Are users having rights to installation / UN installation and modifications? Critical users and VIP users rights should be documented. Unknown users and left users should be deleting or disable.

C. Storage and Backup. Where the users store their data? On local or on server? Any quota management defines on storage? Any quota management defines on local hard drive? Is there any centralized backup maintaining? What kind of backup happening full/ differential / append or else?

Internal Use Only

Where the backup store Number of backup media. Is backup policy documented or not? How roaming users take a backup? How is restoration procedure? Have backup tested by restore? Backup and restoration procedure should be defined with screen shots.

D. Workstation Management. Standard configuration of workstation Standard software and applications should be documented. Users permissions on local machines. Naming standard All the standardization of workstation should be documented.

E. Software & Licensing details Software and Drive CD media should be kept in safe location, copy of media should be used for installation. Drives and software tools should be kept in central location or on respected machines for easy access. List of license should be maintained and documented

F. Assets Management Asset management policy including change management to be prepared and implemented. Assets should be tagged with unique asset ID and updated monthly or immediately when any changes are made. A process for Machine allotment to be reviewed and documented. A standard desktop configuration policy for software and hardware should be prepared.

G. Power Conditioning Desktop machine having power backup? UPS with non working batteries to be repaired to prevent again power outage and impurities. Servers having power backup? What is the duration of backup? Servers are configured to shutdown automatically due to low battery? UPS should be covered under warranty and regular health checkup to be done by Authorizes personal. All network equipments having power backup?

Internal Use Only

Internal Use Only