The following bullet points give a hint on security related things, a small IT should consider to have or do.
Tools
- Password Manager
- Security Policy
- External IT-Audit
- Logical Network Map
- Internal Security Audit
Contents of Security Policy
- Listing of Responsibilities
- Employer Awareness Training
- Physical Access
- Disaster Recovery
- Network / Software Access
- General Access Control
Contents of Logical Network Map
- IP/Hostname
- Model/Type
- Feature/Usage
- OS
- WAN-Map
- Traffic-Map
How to Audit (internally)
- Analyze = Create Inventory
- Understand = Who has access to what?
- Determine = How to prevent?
- Implement = Secure
- Test = External Audit