Tel: +44(0)1529 306284

Security Audits

Security audits should form an integral part of an organisation's information security policy and procedures, as they help to measure the protection applied to electronic data that has been created, stored or manipulated by systems. Frequently, there is a misconception that the term relates only to the application of security measures to the electronic devices and equipment that make up a computer network, such as firewalls, routers, intrusion detection or other monitoring systems, and to the provision of effective policies and procedures, such as the implementation of an effective antivirus policy.

Information security covers other areas which, when combined, should provide a comprehensive security solution and would include:

  • Human Security
  • I.T. Security
  • Physical Security

Information security needs to be:

  • Supported and approved by management, published and communicated, as appropriate, to all employees and relevant external parties.
  • Reviewed periodically or when significant modifications take place, so as to ensure policies remain current and appropriate.

Consideration should be given as to how best to organise information security, breaking it down into groups, such as:

  • Internal
  • External

Areas of Audit

Examples of other areas that are frequently included in security audits and policy compliance are likely to be:

  • Access Control to:
    • Network(s)
    • Operating system
    • Physical
    • Application(s)
    • Information
  • Asset Management
  • Back-up
  • Business Continuity
  • Communications Management
  • Compliance with:
    • Legal Requirements
    • Security Policies
    • Standards, Technical and Non-Technical
  • Cryptography
  • Development and Support Processes
  • Equipment (Tangible)
  • Human Resources
  • Incident response
  • Information:
    • Classification
    • Exchange
    • Loss
    • Security events
    • Systems Audit considerations
    • Weaknesses
  • Media Handling
  • Mobile Computing
  • Monitoring – IDS
  • Network Security Management
  • Online Commerce
  • Operational Procedures and Responsibilities
  • Operations Management
  • Physical and Environmental Security
  • Processing – Validation in Applications
  • Protection – Against Malicious and Mobile Code
  • Secure Areas
  • System:
    • Acceptance
    • Acquisition
    • Development
    • File Security
    • Maintenance
    • Planning
  • Third Party Services
  • User:
    • Access Management
    • Responsibilities
  • Vulnerability Management

In today’s business environment, everyone has IT assets such as computers, networks, mobile devices and, most importantly, data. To protect those assets, companies need to undertake IT security audits so as to establish the level of security that exists, together with their potential threats. We can help…

“Systems are only as secure as their weakest link.”

I.T. security audits offer a method by which organisations can establish whether the measures in place provide adequate security to maintain the integrity, availability and confidentiality of information. Audits need to cover both technical and non-technical elements and their associated risks.

For more information on the Security Audit services we are able to provide, Tel: +44 (0) 1529 306284 or Email: contact@ccc-ltd.com