Get to Know the Users/Clients
Once you've studied the "back end" of your network, you need to get to know the user/client community:
What operating systems do your workstations employ? What applications do they run? What is mission-critical?
Are any systems unique in terms of hardware or software?
Look for the ADP payroll software, financial management software, or other applications that have far-reaching effects.
When are your users at work? Do they have any peculiar support needs (operating hours, software, operating systems, etc.)?
Do client machines have good antivirus protection?
What's the level of Internet access? How is it controlled? What are the policies and who sets them?
What is your network password policy? How often do passwords expire? Are users required to use a minimum number of characters? Are they required to use a mixture of uppercase/lowercase ASCII/national characters? Is this enforced? How much enforcement will your network operating system(s) permit? Do you require password-protected screen savers?
What management tools are available to monitor the network to see what's going on with the client/server environment? Are DOLSCH, Sniffer, Network Monitor, Fluke, Singer Meter available? When was the last management baseline done? What's your plan to create a baseline now?
While we're thinking of users, don't forget to look at user training programs:
Are your users reminded periodically to use appropriate Internet discipline?
Are they reminded to log off when away from their workstations?
Are they reminded not to post their passwords next to their machines?
Frequently, sound user training and discipline is the best antivirus protection possible. Who is the company training manager? Is this training added to the intranet? Can it be delivered online or in email (think about a tip of the day)?