Security Audits are conducted to assess the organization’s current security posture against the desired state of cybersecurity.
The desired state could be legal/regulatory requirements, guidelines, client/ certification standard requirements.
We follow a very methodical approach in conducting security audits.
- IT Asset details are obtained with relevant technical information
- Determination of Audit Scope and Audit Objectives
- Agree on Timelines and Audit stages
- Policies, Processes and Procedures are reviewed
- Existing documentation is collected for further analysis
- Interview of relevant people to obtain operational information
- Client site visits for physical review, whereever applicable
- All information gathered during earlier phases is analysed against the desired state.
- This is done using applicable CAAT (Computer Aided Auditing Tools)
- Findings from analysis phase are given a “Risk Rating” based on criticality.
- Recommended solution for remediation of the findings is shared with the clients
- Security Audits are conducted to assess the organization’s current security posture against the
- desired state of cyber security.
- The desired state could be legal/regulatory requirements, guidelines, client/ certification
- standard requirements. We follow a very methodical approach in conducting security audits.