IT Services for Public Sector Networks (PSN)

Remaking the future

Cistor Ltd

Unit 7 Glen Court

Canada Road

Byfleet

Surrey KT14 7JL

Phone: 0203 435 5555

E-mail: sales@cistor.com

IT Health Check Services

An IT Health Check (ITHC) provides

assurance that an organisation’s systems are

protected from unauthorised access or

change, and do not provide an unauthorised

entry point into systems that consume

Public Sector Network (PSN) services.

Both internal and external systems must be

tested to provide assurance that no

significant weaknesses exist on network

infrastructure or individual systems that

could allow one internal device to

intentionally or unintentionally impact on

the security of another.

Cistor utilise CHECK, CREST and Tiger-

approved staff, and can assist by providing

the following services:

ITHC Scope Review

External testing

Internal testing

Why NHS & Public Sector Customers rely on Cistor

The UK Public Sector faces huge challenges in meeting austerity and consolidation

objectives. Traditional approaches to IT & network sourcing are stretched to their

limits. A new approach is needed—one which continually drives out cost, without

adding risk.

Cistor focuses on assisting public sector customers to reduce cost, without adding

risk. We work relentlessly on behalf of our customers to source the lowest cost,

manufacturer certified & warranted equipment— without introducing additional

risk in the supply chain. For example, all Cisco Refresh remanufactured

equipment is sourced directly from Cisco, ensuring ISO9001 quality and 100%

provenance of all network components such as firewalls, routers, switches,

wireless access points.

from their own office locations this should also be considered as an external connection and tested.

Internal Assessment

Internal testing includes vulnerability scanning and manual analysis of internal networks. At a minimum we include a review of:

Desktop and server build and configuration,

and network management security

Patching at operating system, application and firmware level

Configuration of remote access solutions

(including solutions for managed devices and BYOD)

Build and Configuration of laptops and other mobile devices such as phones and tablets used for remote access

Internal security gateway configuration (including PSN gateway). Wireless network configuration

Scope Review

Getting the scope of an IT Health Check (ITHC) right is one of the most important aspects in ensuring that the ITHC is a worthwhile exercise and provides the correct level of assurance. Cistor can assist you in setting the correct scope, which will typically include:

Internet facing systems, such as email and web servers

Remote access systems and/or VPNs

Any third party connectivity

Firewalls

Internally facing systems, such as desktops, servers, wireless access points

PSN gateways

We do this in a one-day workshop format, which will also include a high level assessment against ITHC

controls, to identify any critical gaps early on .

Assessment Options

External Assessment External testing includes systems that provide services on the internet such as email servers, web servers and other systems such as the firewalls that are in place to prevent unauthorised access from the internet into an organisation. External testing should also include any systems in place to allow staff to connect into an organisation remotely. These remote access solutions normally involve VPN that should be tested as part of external assurance. If an organisation is dependent on third-party suppliers and they have access to and from systems

What security risk does BYOD pose ?

IT Health Check assessment options