Independent Security Audits
A security audit is a structured review of the security configuration of your systems against a recognised framework, such as ISO/IEC 27001, NIST, PCI DSS and the GFSC Cyber Security Rules. These reviews are not limited to technological controls; we consider people and processes too. A typical review might include:
- Firewall configuration
- Security settings on critical servers
- IT security policiesy
- Physical security
- User administration and employee vetting
- Change and configuration management
- Logging and monitoring
- Backup and recovery
- Incident response plans and procedures
You will receive a detailed report explaining the issues and deficiencies, and what impact they may have on your organisation. Every finding has practical risk-based recommendations for mitigation. Issues are assigned a risk rating to help you prioritise you remediation work. Other benefits of our work include:
- Compliance with regulatory requirements
- Evidence that your precious IT/IS spend is applied where it is most needed
- Good controls make for a healthy, efficient and well-run company, which is therefore more profitable
- Practical, objective actions that you need to take to stay out of trouble
- Peace of mind that reviews have been done by an experienced specialist
Assessments are tailored to comfortably fit budgets and businesses of all sizes. A review can range from a full audit of all aspects of information security, to a deep dive into one particular area, or a simple health-check that only covers key controls.