Audit Offerings
Engagement Type: Annualized Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Compliance assurance providing additional value
through a bottom-up approach detailing technical priorities and business
justifications.
Information Systems Audit
Provides an overview of the security posture of an information system.
Audit of a selected information system to ensure that design and implementation
best practice is followed and that security and audit controls exist and are properly
maintained, and to identify technical and business risks associated with
management and control issues.
Standard deliverables focus on providing an overview of the security posture of the
information system and a report of identified and required security measures for both
technical and process issues.
Policy & Procedure Audit
Ensure compliance with industry best practice and enhance organizational security
posture.
Audit of current organizational policy and procedures for compliance with standards
such as CobiT, ISF Standards of Good Practice, ISO-17799, and additional industry
specific requirements.
Standard deliverables provide an overview of the current business situation and
detail areas requiring short- and long-term improvement.
Code Audit
Review code for vulnerabilities and integration of security best practice.
Review developed code (C, C++, Java, .Net, etc.) for suitable integration of security
precautions and audit procedures to ensure information systems are properly
protected and audited. In addition, the audit process searches for technical
vulnerabilities and evidence of potentially unauthorized or unintended functionality
incorporated in the code.
Standard deliverables focus on providing a review of how the developed code
measures up against information security best practice, details of the vulnerabilities
discovered, and a set of recommendations that facilitate immediate security
improvements.
Business Continuity / Disaster Recovery Audit
Provides an overview of the effectiveness of the BCP/DRP program and facilitates
process improvement. Reviews current BCP/DRP plans for compliance with industry
best practice. Compares current plans against those of similar organizations and
inventories organizational BCP/DRP practices. Once completed, issues are identified
and improvement plans are prepared.
Standard deliverables provide an overview of current BCP/DRP posture and an
inventory of current standards, processes and documentation. Recommendations
facilitate development of required processes and review procedures to ensure an
effective long-term BCP/DRP solution.
Compliance Audit
Measure and improve your organization's compliance with identified policies.
Review of selected policies, systems, programs, business processes, organizations
and organizational accountabilities to measure compliance levels and identify areas
for improvement and budgeting.
Standard deliverables provide a detailed situation analysis, inventory of compliance
issues and required controls, risk metrics used, and policy recommendations for
further improvement.
Information Asset Classification Audit
Identify and classify information assets throughout the organization. Identifying
assets, their locations and value defines how organizations budget the
time, effort and money required to secure their assets. Standard
deliverables provide an inventory of the assets, details of the accountability of assets,
required policy and process templates for ongoing internal information classification,
and recommendations for process improvements.