With the economy the way it is, we have noticed there are some key staff members transitioning from one job to another job via either a job promotion or potentially, a termination. Whenever these key staff members hold job titles within a company's IT group, there is an inherit secure risk that needs to be effectively remediated as these staff members transition out of a company. The risk level associated with an event is critical if the key staff member had domain administrative access to a company's network. Companies need to understand they have obligation or potentially, a fiduciary duty to protect their company's assets from the risk posed to their organization when key staff members depart. At Turner and Associates, we specialize in guiding companies through the risk posed by any key staff member's departure. We have a proven approach that methodically and securely lockdowns any network in any industry, e.g., Financial Institutions, Healthcare, and Government. We also believe that is a 'Best' practice to perform this type of audit at least every two years. When coupled with our network security assessment, companies can be fully assured that all IT security risks posed to an organization have been identified our "Point-in-time" assessment. This engagement is typically divided several phases:
Network Discovery – In this phase, a Turner security expert will systematically locate, gather, identify, and document information on each every device within both the WAN and LAN networks. Information gathered in this phase includes items such as, domain names, IP network ranges/internal and external subnets, information about operating systems and applications, etc.
Device Enumeration – In this phase, a Turner security expert will gather more comprehensive information about all the devices throughout the WAN and LAN, such as open shares, user account information, default configurations, and available services such as FTP, HTTP, Telnet, SSH, HTTPS, etc. This phase identifies all active devices, map any open ports, and identifies software and applications currently running on each device.
Develop Secure Lockdown Checklist – Our audit checklist has three fully developed areas of concern that should be completed in an orderly fashion.
i. Physical Access – Revoke physical access to protect against theft, tampering, or damage.
ii. Remote Access – Secure remote access to protect against Internet based threats.
iii. Infrastructure Access – Secure internal IT infrastructure to protect against internal based threats.
Secure Lockdown Observation – We provide our Secure Lockdown Checklist to the company's current IT staff members. Thereafter, we independently observe and document our secure lockdown being implemented by a company's IT staff members (post event). This allows us to provide independent confirmation for a company that all of the documented devices and key security configurations were change and securely locked down.
Plan of Action and Milestones (POA&M) – In the event a recommended security configuration or password change affects a company's business continuity, we will pull the uncompleted task from our Secure Lockdown Checklist into a POA&M. This will allow management to have oversight of its IT staff members during the remediation phase. Management will have the ability to ensure that are identified that were not remediated during our observation risks are put into the POA&M to remediate post haste. This will allow management to hold the IT staff members accountable for remediating sometimes highly technical findings which management may not fully understand or impact of the security risk posed to their organization.