ithc brochure a4
TRANSCRIPT
IT Services for Public Sector Networks (PSN)
Remaking the future
Cistor Ltd
Unit 7 Glen Court
Canada Road
Byfleet
Surrey KT14 7JL
Phone: 0203 435 5555
E-mail: [email protected]
IT Health Check Services
An IT Health Check (ITHC) provides
assurance that an organisation’s systems are
protected from unauthorised access or
change, and do not provide an unauthorised
entry point into systems that consume
Public Sector Network (PSN) services.
Both internal and external systems must be
tested to provide assurance that no
significant weaknesses exist on network
infrastructure or individual systems that
could allow one internal device to
intentionally or unintentionally impact on
the security of another.
Cistor utilise CHECK, CREST and Tiger-
approved staff, and can assist by providing
the following services:
ITHC Scope Review
External testing
Internal testing
Why NHS & Public Sector Customers rely on Cistor
The UK Public Sector faces huge challenges in meeting austerity and consolidation
objectives. Traditional approaches to IT & network sourcing are stretched to their
limits. A new approach is needed—one which continually drives out cost, without
adding risk.
Cistor focuses on assisting public sector customers to reduce cost, without adding
risk. We work relentlessly on behalf of our customers to source the lowest cost,
manufacturer certified & warranted equipment— without introducing additional
risk in the supply chain. For example, all Cisco Refresh remanufactured
equipment is sourced directly from Cisco, ensuring ISO9001 quality and 100%
provenance of all network components such as firewalls, routers, switches,
wireless access points.
from their own office locations this should also be considered as an external connection and tested.
Internal Assessment
Internal testing includes vulnerability scanning and manual analysis of internal networks. At a minimum we include a review of:
Desktop and server build and configuration,
and network management security
Patching at operating system, application and firmware level
Configuration of remote access solutions
(including solutions for managed devices and BYOD)
Build and Configuration of laptops and other mobile devices such as phones and tablets used for remote access
Internal security gateway configuration (including PSN gateway). Wireless network configuration
Scope Review
Getting the scope of an IT Health Check (ITHC) right is one of the most important aspects in ensuring that the ITHC is a worthwhile exercise and provides the correct level of assurance. Cistor can assist you in setting the correct scope, which will typically include:
Internet facing systems, such as email and web servers
Remote access systems and/or VPNs
Any third party connectivity
Firewalls
Internally facing systems, such as desktops, servers, wireless access points
PSN gateways
We do this in a one-day workshop format, which will also include a high level assessment against ITHC
controls, to identify any critical gaps early on .
Assessment Options
External Assessment External testing includes systems that provide services on the internet such as email servers, web servers and other systems such as the firewalls that are in place to prevent unauthorised access from the internet into an organisation. External testing should also include any systems in place to allow staff to connect into an organisation remotely. These remote access solutions normally involve VPN that should be tested as part of external assurance. If an organisation is dependent on third-party suppliers and they have access to and from systems
What security risk does BYOD pose ?
IT Health Check assessment options