
Name:

*to edit, click on File and make your own copy or download to Excel

Day 1 2 3 4
1 Review Audit log anomalies/alerts
1.1 Check application log alerts for service startup errors, application or database errors and unauthorized application installs
1.2 Check security log alerts for invalid logons, unauthorized users creating, opening or deleting files

1.3 Check system log alerts for hardware and network failures

1.4 Check web/database/application log alerts for warning and error messages

1.5 Check directory services log alerts from domain controllers

1.6 Check any systems that failed to forward logs or that could not be reached

1.7 Report suspicious activity to IAO

2 Perform/verify daily backup


2.1 Run and/or verify that a successful backup of system and data files has completed
2.2 Run and/or verify that a successful backup of Active Directory files has completed on at least one Domain Controller
3 Track system performance and activity
3.1 Check monitoring application for systems with excessive memory usage
3.2 Check monitoring application for systems with excessive system paging

3.3 Check monitoring application for systems with excessive CPU usage

3.4 Check monitoring application for systems with excessive network utilization

3.5 Check monitoring application for systems with excessive disk I/O

3.6 Check monitoring application for systems with low disk space

3.7 Take appropriate action as specified by site’s Standard Operating Procedures
4 Antivirus system
4.1 Check monitoring application to confirm all systems are on latest antivirus definitions
4.2 Investigate and remediate any systems that are not reporting into the antivirus management application
4.3 Investigate any malware alerts and take appropriate actions as specified by site’s Standard Operating Procedures
5 Physical checks of system

5.1 Visually check the equipment for amber lights, alarms, etc

5.2 Take appropriate action as specified by site’s Standard Operating Procedures
6 Messaging Hygiene system

6.1 Review message quarantine (if applicable) for false positives

6.2 Confirm antimalware definitions are up to date

7 Web Filtering system


7.1 Review any alerts or policy violations and take appropriate actions as specified by policy

7.2 Confirm site definitions are up to date


Last Update: Description:

5 6 7 8 9 10 11 12 13 14
Name:

Week (Half Year) 1 2 3 4

1 Archive Audit logs

2 Perform/verify weekly backup

3 Run Anti-Virus scan on all hard-drives

4 Check Vendor Websites for Patch Information

5 Compare system configuration files against a baseline for changes

6 Run file system integrity diagnostics


Last Update: Description:

5 6 7 8 9 10 11 12 13 14
Name:

Month Jan
1 Perform Self-Assessment Security Review

1.1 Review technology checklist for any changes

1.2 Run current security review tool

1.3 Import results into Vulnerability Management System (VMS)

2 Perform Hardware/Software Inventory

2.1 Review hardware and compare to inventory list

2.2 Review software and compare to inventory list

2.3 Update VMS, where applicable

3 Run Password-Cracking Tool


3.1 Run (or verify IAO team has run) a password-cracking tool to detect weak passwords

3.2 Provide output to IAO team

4 Perform/verify monthly backup


4.1 Run or verify that a successful backup of system and data files has been completed
5 Verify User Account Configuration

5.1 Run DumpSec tool to verify user account configuration

5.2 Verify and/or delete dormant accounts with IAO approval

5.3 Provide output to IAO team

6 Patching and updates


6.1 Deploy all operating system, first and third-party application patches and updates to test systems and confirm functionality

6.2 Confirm all systems are up to date for both operating system, first and third-party applications

6.3 Investigate and remediate any systems that are not updating

6.4 Update master images/template for VMs and workstations

6.5 Review, test, and deploy any firmware updates to network infrastructure

7 Managed services
7.1 Review managed services including IaaS, SaaS, and PaaS for notifications, alerts, and SLA adherence

7.2 Review licensing consumption to ensure adequate reserves for anticipated growth
Last Update: Description:

Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Quarter
1 Backup/restore
1.1 Test backup/restore procedures by performing restores of data (to alternate locations) to confirm successful data recovery. Be sure to include data, databases, email systems, and virtual machine snapshots as relevant
1.2 Perform quarterly backups of systems as appropriate

2 Quarterly maintenance
2.1 Test and deploy Cumulative Updates/Update Rollups as appropriate (Microsoft Exchange systems)
2.2 Perform quarterly database optimizations (defragmentation, slack space recovery) on relevant systems
2.3 Review current growth rates for storage consumption, licensing, etc. and ensure adequate headroom
3 Routine maintenance

3.1 Perform printer cleaning/maintenance

3.2 Confirm all fans on servers and network equipment are clean and circulating air appropriately
3.4 Test and confirm UPS systems are providing backup power as appropriate
Name: Last Update: Description:

Q1 Q2 Q3 Q4
Year

1 Change Service-Account passwords

2 Review appropriate Security Technical Implementation Guides (STIG)

3 Participate in STIG Technical Interchange Meetings (TIM)

4 Review training requirements

5 Review existing hardware warranties/end of support and include required replacements in budget planning

6 Test DR/BCP plan and update as required for new systems, software, etc

7 Review Acceptable Use Policy and Information Security Policy, updating as/if required

8 Ensure all users complete annual security awareness, data protection, and privacy plans

9 Review and update personal and team training plans for continuous learning

10 Review all firewall rules and remove any which are no longer required

11 Review all group memberships and update as appropriate for changes in role

12 Review all privileged access and update as appropriate for changes in role
Name: Last Update: Description:

2018 2019 2020 2021 2022
The Ultimate Network Security Checklist Made Easy With GFI Unlimited

GFI Software provides simple yet powerful software solutions that enable small and medium-sized businesses worldwide to operate, communicate and collaborate securely. With the recent launch of GFI Unlimited, your company is able to have all the below solutions for $24 per-unit

Network Security & Management

Network security scanner with vulnerability and patch management
Unified threat management solution without complexity
Active network monitoring and log data analysis
Centralized IT network management software with business antivirus
Web security, internet monitoring and access control
Access control and portable storage device security

Communications & Collaboration

Email security and anti-spam for your mail servers
Enterprise-class email and chat solution
Server archiving for productivity, management and compliance
Active network monitoring and log data analysis
Fax quickly, securely, and from any of your existing applications
Active network monitoring and log data analysis
