| What are the general components to review in the | | | | Other security controls such as confirmation if wireless |
| event there is a merger, acquisition from IT Point of | | | | network is encrypted, unnecessary services running in |
| view? A thorough technical security assessment and | | | | the servers, authorized personnel have access to |
| audit should be conducted on-site to provide | | | | critical data (Not everyone!), non business software |
| assurance on the following: | | | | which may have viruses. |
| Confirmation if there are already existence of trojans, | | | | Existence of a Security Policy |
| worms, viruses, spywares in the office servers and | | | | The responsible IT personal can then provide more |
| PCs. In the event there are very damaging viruses or | | | | information on the state of IT security in the offices. |
| trojans, these threats can infect your network and | | | | Further, a more detailed proposal if additional |
| possible spreading via e-mail, ftp and network sharing | | | | reconfiguration servers, applications and equipment |
| drives. Further, they can also be transported via | | | | such as UPS, Gen-Set, Fire Suppression System to |
| portable hard disk, USB Thumb drives, DVDs, CDs | | | | better support the business. |
| carried by office personnel. | | | | A more detailed study to review if the existing servers, |
| Confirmation if there is a firewall. Firewalls provide | | | | storage systems are capable to support the current |
| more flexibility and capacity expansion in the network | | | | business requirement and future expansion. |
| design. If there is a business requirement to have | | | | This is my view of a Security Assessment based on |
| Internet facing servers, a firewall will allow creation of | | | | my experience of setting up IT strategies of merging |
| separate network segment to house these servers | | | | companies. Of course there will be a lot more |
| and at the same time provides network security. | | | | information to review once the on-site audit |
| Assurances there are no weak points in the network | | | | assessment is carried out. An IT Auditor/Security |
| e.g. modem connecting to the servers and PCs. This | | | | Consultant can then provide a more precise |
| can be the backdoor for intruders to penetrate the | | | | recommendation on the most feasible plan for the |
| office network. | | | | merger. |