Information Request Form
The information request form (as shown in Table B.1) will provide you with information that helps define the size and scope of the assessment. If you can't gather all this information before the initial meeting, that's okay because after management has given the project the green light, you'll have the additional support to gather more information.
Contact Name |
Phone Number |
Cell Phone |
|
Mail Stop |
Administrative |
For this section, please describe administrative aspects of your organizational environment. |
What is the core mission of the organization? |
How many locations does the organization have? |
Does the assessment encompass all locations or just a limited number of sites? |
What event is driving this assessment? |
Does the organization have existing security policies and procedures? |
Does the organization have physical controls in place to control the movement of employees and visitors? |
Do any vendors or corporate partners have access to the network? |
Are any IT services outsourced, and if so, which ones? |
Technical |
For this section, please describe technical aspects of your organizational environment. |
How many servers are located at each site? |
What OSs are in place for these servers? |
How many workstations are located at each site? |
What OSs are in place for these workstations? |
What networking protocols are used? |
Are there any mainframes? |
How many connections are there to the Internet? |
What services are made available externally? |
What services are made available internally? |
Are wireless technologies used? |
Is VoIP used? |
What types of redundant systems are in place? |
Security |
For this section, please describe the security aspects of your organizational environment. |
What types of encryption technologies are used? |
Is there a VPN? |
Is authentication centralized? |
What types of authentication systems are used? |
How is access controlled? |
What types of firewalls are used? |
Is there an IDS/IPS in place? |
Legal |
For this section, please describe the legal aspects of your organizational environment. |
What state, provincial, and federal laws must the organization comply with? |
HIPAA |
GLB |
SOX |
Family Educational Rights and Privacy Act |
National Institute of Standards and Technology |