IT systems security audit

For many years, we have been analysing and testing the security of IT systems.

Audits shall be conducted in accordance with proven standards.

We perform verification and audits in relevant areas of IT security, including in particular:

  • Network security
  • Analysis of attack vectors
  • Analysis and evaluation of access control
  • Business Continuity Analysis
  • Identification of single points of failure
  • Physical security of systems
  • Legal aspects of security requirements
  • Threat identification
  • Level of user awareness

We also perform security tests, the nature of which depends on the stage of the analysis. In order to plan the tests properly, we follow best practices and use appropriate tools.

We recommend conducting an IT system security audit regardless of the size of the organisation.

We conduct audits based on proven standards:

22301, ISO 22301, ISACA, NIST

Planning

The audit planning stage is used to collect the information needed to carry out the analysis.

We determine which assets should be assessed for the presence of specific risks.

In addition, we identify security control methods and examine their effectiveness.

Implementation

At this stage of the audit, vulnerabilities should be identified and the possibility of their exploitation confirmed.

This stage should address the activities carried out under the chosen evaluation method and analysis technique.

Although the specific actions for this phase vary depending on the type of area being assessed, once completed we should have identified organisational, system and network vulnerabilities.

Reporting

The post-implementation phase focuses on analysing the vulnerabilities to determine their causes.

A report is prepared containing recommendations for actions to minimise the effects of the vulnerabilities or to eliminate them.

In addition to the conclusions drawn from individual verifications, the report also takes into account the course of implementation and the results obtained from individual methods of analysis.