How to do a quick “IT Security Assessment”?

Vaibhav Sonavane
2 min read, Mar 25, 2021

Being part of the security team means you always have to be on your toes, handling everything from compliance to incidents to just about anything under the sun related to security. If that were not enough, you are the one blamed for any security breach that occurs. At the end of the day, it is a thankless job that does not help you make many friends at work.

Security teams are overwhelmed by a number of security and regulatory audits such as ISO 27001, NIST, PCI DSS, SOC, SOX and so on, which eat away a considerable amount of working hours and shift the focus away from actual security-related activities.

Image Source: https://www.telos.com/2020/02/it-audit-fatigue/

Keeping the above in mind, I have created a comprehensive “Security Checklist” which can help conduct a quick and effective assessment and help define the overall security posture of the organization. Once you have managed to comply with this checklist, conducting any other compliance audit would be quite easy and less time consuming, as you would already have the groundwork done.

This security assessment consists of only 6 domains:

Core Security Domains

These 6 security domains cover almost the entire “IT landscape” and ensure that the baseline security requirements of any organization are met. Conducting audits such as ISO 27001 or NIST after this assessment would require a shorter turnaround time than usual.

The checklist is predominantly suited to on-premises environments but can also be used for cloud-only or hybrid deployments. Also, this being an “IT Security Assessment” checklist, other aspects of security such as personnel security and physical security are not considered.

The IT Security Assessment Checklist

Below is a spreadsheet version of the checklist. You may use it to assess your current security posture.


Vaibhav Sonavane

A cloud security enthusiast with an urge to learn and unlearn. A coder at heart with a logical mind.