Security Audit services

   - Defines compliance gaps;
   - Evaluates operability;
   - Makes recommendations for improvement.

Correcting the audit findings:

   - Reduces the cost of security operation;
   - Increases the level of control;
   - Minimizes the related risks.

Ethical hacking, Penetration test

The benefits of the penetration test are:

  • Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes;
  • Proving due diligence and compliance to industry regulators, customers and shareholders;
  • Protecting the company brand by avoiding loss of consumer confidence and business reputation;
  • Helping shape information security strategy by identifying vulnerabilities and quantifying their impact and likelihood, so that they can be managed proactively, budget can be allocated and corrective measures implemented.

Detailed description

Surprise audit

Parts of the penetration test can be performed as a surprise. The initial step in this service is to set the requirements jointly with the customer.

What we do:

  • assess risks jointly with the customer
  • select penetration test areas to perform as a surprise

After correcting the audit findings, the company assets will be better protected.

Security Process Audit

Security process audit: based on our business-oriented approach, we assess the main security processes (e.g. risk identification, evaluation and management, management of user access rights etc.) to provide a clear picture of the operability of the processes and the supporting systems, applications and staff.

What we do:

  • Identify the relevant security processes;
  • Map the main steps of each identified process;
  • Define process metrics (especially security-related metrics);
  • Assess the process performance;
  • Find gaps and non-compliances in the processes;
  • Document findings;
  • Form recommendations for process improvements.

After correcting the audit findings, the operation of the site will be improved through better-established security-related processes.

Security Network audit

Network Security Technology Audit: this technology-oriented assessment can support the hardening of security devices and provides a better picture of the network's built-in capacities and capabilities.

What we do:

  • Understand business goals and requirements on security operation;
  • Gather the compliance requirements that apply to the network;
  • Define general problems in the network layout;
  • Identify the most important security devices in the network;
  • Assess settings of key devices;
  • Report findings;
  • Complete corrective actions on settings;
  • Reassess device and network operability;
  • Document changes;
  • Define recommendations on long-term improvements and investments.

After correcting the audit findings, the security infrastructure will better serve the defined business goals and requirements.

Security Log Audit

The audit log's main objective is to record:

  • Security-related changes to the system environment (for example, changes to user master records);
  • Information that provides a higher level of transparency (for example, successful and unsuccessful logon attempts);
  • Information that enables the reconstruction of a series of events (for example, successful or unsuccessful transaction starts).

Our experts assess the whole security log collection procedure and its supporting systems or devices. Based on our experience and the audit findings, we make recommendations on strengthening the log control system (incident management mechanism, corrective and preventive measures).

Some fundamental questions answered during the audit:

  • What types of devices can be monitored?
  • How are the device logs sent to a log collecting machine?
  • What events will the service detect (login/logout, failed logins, configuration changes, denied connection attempts, failover, update failures, SNMP errors and specific attack attempts etc.)?
  • What happens after an event is identified?
  • How are logs handled once they reach the log collecting device?
  • How are notification policies established?

Our auditors use standard checklists to ensure that the full scope of the log management system is covered.

Voice Security Audit

Business survival today requires strong security of information, including voice communication infrastructures. Customers, whether they are consumers or suppliers to other businesses and institutions, are demanding that the privacy of their information is protected from fraudulent use (eavesdropping, redirect, or unauthorized use) that could damage their reputation or cause financial loss. Also critical is communication availability: a denial of service attack can degrade system availability or shut down system resources entirely, impacting bottom line revenue and system user productivity.

What we do:

  • Discuss specific requirements;
  • Assist customers in taking all possible measures to secure their systems;
  • Configure systems;
  • Document findings.

The service frequency

  • One-time engagement; or
  • Semi-annually; or
  • Quarterly.

After correcting the audit findings, all corporate assets will be better protected from unauthorized use, misuse and abuse.

Data Centre (physical) Security Audit

Our experienced staff have already performed several data centre security audits. We use a strongly risk-based audit approach, and during the data centre audits we focus on physical control issues.

What we do:

  • Discuss specific requirements on the data centre (physical) security (industry sector specific requirements, standard based needs etc.);
  • Assess the status of the physical and environmental controls that protect the machine room itself:

          - Perimeter security (barriers, entries, doors, security guards, CCTV, escorting etc.);
          - State-of-the-art physical security including biometric identity verification, zoned access, and
          - Fire suppression equipment or system (e.g., halon system or dry line water suppression and
          - Uninterruptible power supply (UPS);
          - Emergency Power System (EPS) (e.g., generators, transformers);
          - Temperature and humidity controllers (ensure a backup A/C unit exists);
          - Emergency power cut-off switches;
          - Emergency lighting;
          - Controls over power surges and outages;
          - Climate control (zoned cooling);
          - Hardware storage locations (e.g. servers, gateways, bridges, routers, multiplexers, etc.);
          - Central backup and recovery systems (storage of backups).

  • Document findings and make recommendations.

After correcting the audit findings, all corporate data will be better protected from unauthorized use, misuse and abuse.