An independent audit of information security is required for an objective assessment of the state of protection system of any organization. In the course of its implementation, the existing systems and processes are analyzed, current safety rules and policies, implementation of regulations, requirements of industry regulators are studied.
During the audit we carry out the necessary set of measures:
- analysis of the existing methodology of risk assessment;
- analysis of existing documentation;
- analysis of existing processes of information security;
- analysis of hardware and software configuration;
- introduction of specialized systems and software for the collection of technological information;
- analysis of processes of granting access rights;
- analysis of IT infrastructure as a whole;
- definition of business and technical functions of network segments, services and their interaction scheme;
- search for vulnerabilities of external and internal infrastructure segments;
- verification of systems, documentation and processes for compliance with certain standards and requirements (if necessary);
- demonstration and discussion of the previous report with the customer’s representatives;
- providing the resulting report with detailed recommendations to improve the effectiveness of information security.
As a result of the audit, you receive a detailed report with a list of existing gaps in your security system, detailed recommendations for how to eliminate current shortcomings and help in their elimination.