What is a security audit?
Simply put, a security audit is the verification and assessment of implemented technical and organisational security measures against a norm, a standard, or legal regulations. An audit plays a crucial role in the independent assessment of the security measures in place, and it also helps the company's management understand and prevent various modern threats.
The auditing team consists of specialists with years of technical and practical experience in the field of information security, gained while working for international corporations.
We specialise in audits for conformity with the following requirements and standards:
- ISO/IEC 27001
- ISO/IEC 27032
- ISO/IEC 22301
- NIST 800-82
- CIS Controls
Comprehensive assessment of threats to information security
Our threat assessment provides insight into realistic and potential threats to the security of information and their potential consequences. We offer a risk assessment whose aim is to identify and evaluate risks to information security. We use a methodology that is the industry standard all over the world and that provides organisations with the data necessary to establish priorities and to maximise information security investment. We also use risk quantification to provide a common language for the specialists and the management.
Our approach to assessing risk addresses the requirements of many standards, including ISO 27001, NIST CSF, TISAX, and PCI-DSS.
How do we operate?
We take the best approach to conducting a security audit in accordance with international standards. The process is divided into five phases. They encompass activities such as defining business needs, assessing existing measures and their conformity, preparing a design of the desired target state, and creating a step-by-step roadmap that leads the company to that target state.