CalidCo's Approach to Securing Your Network
Every business, including yours, has valuable IT assets such as computers, networks, and data. Protecting those assets requires that companies big and small conduct their own IT security audits in order to get a clear picture of the security risks they face and how best to deal with those threats.
The following is a subset of the steps that we take to collect information before recommending a security plan.
Defining the Scope of the Audit
Define the security perimeter within which the audit is performed.
DMZ architecture
Obtain an approved list of assets to be part of the audit, i.e. computers, laptops, routers and networking equipment, printers, memory sticks, customer information, employee information, company smartphones/PDAs, VoIP phones, IP PBXs (digital version of phone exchange boxes), related servers, VoIP or regular phone call recordings and records, email
- Log of employees' daily schedules and activities
- Web pages, especially those that ask for customer details and those that are backed by web scripts that query a database, web server computer, access points
- Network policy (password policy, file access policy, database access policy, database log analysis)
- Access control list
- Logging of data access: each time someone accesses some data, is it logged, along with who, what, when, where, etc.?
- Email spam filters
- External email entry points
- Intrusion detection
- Network scanning plan
- Identity and Access Management policies for authentication and access authorization
- Server data access group policies
.....
Once the security questionnaire is completed, we work with your team to come up with a recommended design and to provide you with a detailed written report on the collected information and a summary of the recommended next steps required to successfully secure your environment.
