One thing's for sure, there are many choices when it comes to hardware, software and everything in between. Many organizations choose to have an IT Assessment as their organizations grow to determine the platform for moving forward. An assessment is also a good way to see what other organizations are doing to protect their data and internal operations. We will discuss: IT Internal Controls, Disaster Recovery, Software Audit Trails, Protecting sensitive Data

1. Thrive. Grow. Achieve.
De-Mystifying the
IT Assessment
Nate Solloway
November 17, 2015

2. WHAT’S ON TAP?
• What we do
• Why do an IT Assessment?
• Is this a threat to my IT Staff?
• Procedure
• Network Infrastructure
• Network Security
• Disaster Recovery
• What’s New?
• Are You Being Served?
• IT Budget Review
2

3. WHY DO AN ASSESSMENT?
3

4. WHY? PLANNING FOR THE FUTURE
• IS IT TIME FOR UPGRADES?
• PREPARING FOR AN RFP
• TIME TO INTRODUCE NEW TECHNOLOGY
• IMPROVE BUSINESS PROCESSES
• PCI OR HIPPA COMPLIANCE
• SEEKING CYBER-INSURANCE
4

5. WHY? WAS THERE A PROBLEM?
• WAS THERE A SERVER OUTAGE?
• AN AUDIT IS COMING UP
• STAFF NEED ASSESSING OR THERE IS POTENTIAL LOSS OF STAFF
• RECURRING ISSUES
• SECURITY CONCERNS
5

6. ITEMS FOR REVIEW
• STAFF
• TECHNOLOGY
• INFRASTRUCTURE
• POLICIES, PROCEDURES AND PRIVACY
• PLANNING FOR A MOVE?
• SOFTWARE , AMS
• IT PLANNING FOR THE NEXT FEW YEARS
6

7. WHAT ABOUT MY IT STAFF?
7

8. COACHES NOT ADVERSARIES
8

9. AN ASSET MANAGER, NOT A STOCK
BROKER
• THEY ARE PART OF YOUR TEAM
• EXPERIENCES FROM OTHER SIMILAR ORGANIZATIONS
• TRAINING RECOMMENDATIONS
• IN-HOUSE OR THE CLOUD?
9

10. HOW DOES THE PROCESS WORK - IT
INFRASTRUCTURE ASSESSMENT?
Raffa Assessment Methodology
IT Structure Analysis
- Perform Interviews with key stakeholders
- Identify current/future IT needs in line with your vision
- Review current system architecture
- Review current servers and storage hardware configurations
- Review network configurations and their capacities

11. IT INFRASTRUCTURE ANALYSIS
Review domain configurations
Review enterprise back-office components and their
configurations
Review existing security requirements and compliance
Review disaster recovery requirements and strategies
including existing data backup/restore mechanisms, hardware,
software
Review current Total Cost of Ownership (TCO)

12. DOES YOUR NETWORK LOOK LIKE THIS?
12

13. OR THIS?
13

14. EVERYONE HAS SOMETHING TO
PROTECT
• Intellectual Property
• Human Resources Information
• Your Financial Data
• Your Customer Databases
• Your Customer’s Data
• Marketing and Sales Data
It’s not Just About
compliance with
state and federal
regulations.
It’s about
protecting your
company, your
employees and
your customers
Is it time for a Security and Compliance Assessment?
Financial
Healthcare Legal
Professional Services

15. WHAT ARE OUR DATA CONCERNS?
• UNAUTHORIZED ACCESS
• CONCERNS WITH IN-HOUSE STAFF
• EXTERNAL THREATS
• PRIVACY AUDIT
15

16. SECURITY CONSIDERATIONS AND
ACTIONS
Strong password
policy is the first
line of defense
against a data
breach
STRONG PASSWORD POLICIES
Benefit: Strong password policies help to reduce the risk of a breach. Policies should also
provide guidance to reduce the risk of human error breaches. Strong passwords should meet
these standards at a minimum:
• Lower case characters
• Upper case characters
• Numbers
• "Special characters"(@#$%^&*()_+|~-=`{}[]:";'<>/)
• Contain at least 12 but preferably 15 characters.
Is it Time for a Security and Compliance Assessment?

17. SECURITY CONSIDERATIONS AND
ACTIONS
Security is as
much about
people and good
process and well
documented policy
as it is about your
IT infrastructure
PROCESS AND PEOPLE MANAGEMENT

18. DISASTER RECOVERY
18

19. 19

20. ARE YOU BEING SERVED?
20

21. IT BUDGET REVIEW
21

22. QUESTIONS?
22