The word audit is a scary one for businesses. Whether you are facing an audit by choice or by necessity, it is enough to strike fear into the most stalwart of owners and managers. So why do we bother? The purpose of a security audit is to help you find areas to improve your business security and ultimately protect the brand that you have worked so hard to build. Although these audits may be viewed as a necessary evil, we truly believe that they should be both an enlightening and educational experience, no therapy required.
With our four-part security audit, we will work hand in hand with you to ensure that you are aware of what is going on and are getting the information that helps you become better. We evaluate your entire security posture, using a multi-pronged approach to give you a realistic view of how effectively your layers of protection work. In our report, expect to get key recommendations for areas of improvement and even potential methods to make those changes. We also include post-audit support, giving you access to an expert who can go over the report step by step, for technical and non-technical people alike.
A full review of company policies and procedures relating to security will be done as a part of your audit. Security policies are an important part of the audit because they set the tone for, and the importance of, security procedures in day-to-day operations. We'll review how your company's policies contribute to your overall security, disaster recovery planning, and access controls.
The infrastructure review starts with a complete inventory of devices and software within your system and connecting to your system. We evaluate secure configurations, access control strategies, device-based vulnerabilities, networking vulnerabilities, and much more. We also review auditing processes, logging and monitoring, physical access control, wireless access control, and malware defenses. During this portion of the audit, our goal is to determine the innate or hardware-based security of your system. In other words, what is the base vulnerability level of your set-up?
This is the stage in auditing that can be the most frightening and misunderstood for those who are new to security audits. However, a well-explained and well-conducted testing evaluation is a cornerstone for understanding your network's security. During this stage, the level of testing is determined by the client and ranges from external vulnerability scans to external penetration tests to internal penetration tests. We'll explain the differences between these tests and the protocols in place to protect you and your business. When the testing is done, you'll be able to create the best defense against offensive attacks and feel confident in your system's ability to remain secure against attacks.
The compliance review portion is divided into two parts: internal and external. The internal compliance review entails a review of how well the company complies with its own security policies and procedures. This is where security intentions are compared to network actualities. The external review portion looks at appropriate industry standards and specially requested standards to evaluate how well the company meets the required or suggested standards for its area. This final portion of the audit is where you set the bar for how secure you would like your company to be and find out how your current processes measure up.