Question

What will you review and assess within the Workstation Domain as part of this security assessment?

Answer 1

Security Assessment is the periodic exercise that tests your organization's security preparedness.it includes a check for also flaws or vulnerabilities in your IT systems and business processes as well as recommending steps like how to lower the risk if anything happens in the future. It is very important in order to maintain the system up to date.

Its the process which can be conducted internally by the IT team or any third party assessor.

A security assessment will help you to identify risk in behaviors of employees and take actions to better train them. Here are a few important reasons that you should be conducting regular security assessments for the betterment :

1. Today most of the companies are using cloud which is considered to be open to everyone.according to the Gartner research by 2020 95 percent data of every company will be available on cloud which will be access by user unnoticeably which is why a security assessment has to be taken for making it sure that it is not been hacked. So a separate core assessment team has to be created. This will be responsible for leading the assessment, preparing the report, and suggest recommendations.

2.The policies which are already existing it has to check. Your security policy will be covering your security strategies, data backup plans, password management policies, security update/patch timelines, and many other details included and if you don't have one it is the right time to design one.

3. Prepare one comprehensive list of all it assets that are being used in the company. This will include all the software, hardware, networks, servers, desktops, laptops, software applications.so the company will be having a note of what is being used.

4. Understanding the threats and vulnerabilities and prepare a list of it and all those issues also which is being faced previously.so in the case of any problem or attack we can cross-check with the list and rectify that problem easily.

5. A plan has to be designed to list the existing control system in place and outline further action which will be helpful to mitigate the identified risks.These controls include changing in procedures, training content or any configuration.