1. Obtain or construct a building diagram/foor plan. 2. Obtain or construct a physical network diagram. 3. Obtain or construct a logical network diagram. (Software packages can research and... record all hardware information.) 4. Hardware information should include make, serial numbers, numbers of ports as well as !" and #$" numbers. 5. %esearch and record all con&guration, protocol and '#S information. 6. (rint copies of con&gurations &les, keep those copies on tape for remo)able disk. 7. 'ocument speci&c software con&gurations. 8. %esearch and record all corporate contact and )endor information. 9. (roduct and maintain de)ice log sheets for all applicable network de)ices. 10. (roduct and maintain a network cabling labeling scheme. 'o not base the labeling on names of users. 11. (roduct and maintain procedure documentation. 12. (roduct and maintain computer and network acceptable use policies. 13. (roduct and maintain computer and network security policies. 14. (roduct and maintain a disaster reco)ery plan. 15. Schedule to update and maintain these items on a regular basis. 16. #e)er share these documents with unauthori*ed indi)iduals ++ e)er, Steps to audit a network 1. -se outside )endors to conduct and audit. .his will ensure that there is no fa)oritism or politics in the results, and pro)ide credibility with senior management. /nsure the )endor or contractor you use co)ers the items listed below as a minimum. 0ind out who will be conducting the audit and re)iew resume and references from past audited companies. /nsure goals of the audit are adhered to. 2. $t is highly recommended that you perform an internal audit prior to outside audit so you can compare results. 3. /stablish and document baseline performance of all network components. 4. %e)iew, document and analy*e controls o)er $nternet, intranet and network resources. 5. %e)iew and document all network connections, client/ser)er, 1!#, 2!#, etc. 6. %e)iew and document controls o)er network operations and management, load/tra3c management and problem reporting and resolution. 7. %e)iew and assess network segmentation and identify and audit any internal &rewalls. 8. %e)iew and assess a single point of failure analysis. How is your network a4ected by critical e5uipment6 'o you ha)e backups installed and ready6 9. (repare a risk assessment and de)elop and implement a risk mitigation plan. 10. %e)iew and document all software licenses re5uired/possessed for all locations. 11. 7erify and record all installed software. %emo)e all unauthori*ed software and secure hardware and software to pre)ent future downloads or installations.