Information security audit

 

Why do you need the audit?

A security audit shows you how well your information system is protected from external and internal threats. Regular audits let you keep your information security system at a proper level, reveal potential problems in time, and control how security policy rules are carried out in your company.

 

What types of security audit do we offer?

Penetration testing – reveals the vulnerabilities of your company’s Internet resources from outside. We check your servers connected to the Internet (websites, FTP, email, etc.), detect weak points and configuration errors, and safely exploit the vulnerabilities using the same methods as hackers to obtain unauthorized access to sensitive information.

Internal security audit – requires physical access of the auditors to the company’s resources. Our experts interview managers at all levels and research the company’s business processes, the structure of its information systems, its access restriction rules and the internal documentation that regulates how critical information is handled and processed. Then we test how well the system is protected from internal threats and check the configuration of the servers and local computers, the installed software, updates and patches, and the effectiveness of antivirus, antispyware and firewalls. We also verify the backup strategy, the methods of information storage and the protection against unexpected intrusions.

Software security analysis – helps software vendors estimate the security of their products. We analyze websites, content management systems, instant messengers, VoIP software and any other client or server-side programs where information protection and reliability are among the most important criteria. We can perform the audit in both white-box and black-box modes. In white-box mode, we thoroughly test the executable files along with their source code. This approach allows us to reveal not only the program’s vulnerabilities, but also errors in design, coding and algorithm implementation. In black-box mode, we do not have the source code. We verify only the executable files and the same installation package that the end user receives.

The results of all of the above audits are delivered as a detailed report with our experts’ recommendations on how to eliminate all problems and vulnerabilities found.

 

Why should the security audit be performed by independent experts?

Your in-house specialists responsible for information security in your company must regularly check the results of their work within their competence and within certain restrictions on the permissions and resources they have. Independent experts look at your system from outside with fresh eyes, relying on the huge knowledge base they have collected while performing security audits for many different companies over the years. External auditors give an actual, unprejudiced estimate of the current state of information security in your company.

 

Why our company?

We use the regulations of international standards combined with our own methodology, developed during 15 years of experience in IT security. We constantly improve our methodology to take today’s threats into account. The part of the work related to vulnerability scanning is automated using leading proprietary software products, which make it possible to check a system against tens of thousands of attacks in a short time. The most complex part of the work is performed manually by our experts, who use their skills to safely penetrate the system, to eliminate the vulnerabilities and, finally, to develop recommendations and best practices that protect your information from future threats and attacks.