“If and when AI is weaponized for cyberattacks, the technology becomes evil-infinity,” were the words uttered by an anonymous cybersecurity veteran a few years ago. Turns out, his fears are [...]
In our time, data is the new oil, experts say. Protecting a company’s data assets, ensuring their confidentiality, integrity, and availability can be extremely important and even critical for a business.
If there is any error or threat within the IT system
- confidentiality of data (may be in the possession of unauthorized persons),
- integrity of data (may be modified by unauthorized persons),
- availability of data (they are destroyed by accidental or incidental events or become inaccessible for a while)
may be damaged and beyond the loss of prestige, the financial and legal consequences can be negligible.
During the IT audit, we assess the following areas
- risks inherent in business processes
- control weaknesses
- threats, dangers
- fulfillment of information security criteria
- infrastructure as a whole
- architecture adequacy
- custom system settings
- compliance with hardening requirements connected to the manufacturer’s recommendations
- monitoring and incident management capabilities
Some of the faults and threats to IT systems can be traced back to the human factor, which can result from unqualified, omission, or deliberate action, and it is therefore important that surveys are carried out by an independent expert.
During the assignment we compare the company’s IT system with the relevant standards, security requirements and professional recommendations as required:
- ISO 2700x
- NIST 800-53
- ISO 27014
- ISO 20000
- ANSI TIA-942
- Common Criteria
- During each IT audit it is also possible to detect and document the differences between the internal rules system and the practices applied based on the above standards and recommendations.
After the surveys, a detailed status report will be prepared. We identify a risk of discrepancies and deficiencies identified based on the business activities and processes of the audited organization. As part of this report, we are preparing a plan of actions that will include proposed measures to address the identified deficiencies.
As a summary of the audit report, an executive summary is also prepared, which contains the IT audit methodology, the system of tools, the identified shortcomings with a risk rating and recommendations that can be implemented at the level of the given organization. The executive summary can also be used as a decision preparation material. If needed, we can help you implement the suggestions.