Information Security Auditing
Benchmarking against a changing cyber threat landscape using
globally recognised frameworks
We use a blend of industry standards and real-world application
to provide you with a detailed view of your cyber security risk
profile. Our consultants frequently work on live incident
response cases so we provide benchmarks based on real-world
experience and scenarios.
An information or cyber-security audit provides senior
leadership in an organisation with a detailed understanding of
their current risks and a roadmap for technology
leaders to make improvements in a logical and staged manner. Our
approach is holistic and looks at an organisation's security
framework from multiple angles with the aim of providing a
view on the client’s current risks. Many
organisations instruct us to conduct regular audits to benchmark
progress over time and the audit is frequently the first stage
of our Virtual CISO service.
Here are some of the focus areas that we review during an
information security audit:
-
1. Organisational Approach to Cyber Security. We review and build upon senior executive buy-in and support and review roles and responsibilities specific to cyber and information security.
-
2. Security Policies, Governance and Compliance. We review and improve your approach to policies and guidance for employees and look at your legal and regulatory obligations to ensure they are being met.
-
3. People Controls. We ensure your staff are suitably trained and assessed on the latest cyber threats to the organisation. Additionally, we review the level of access individuals have to key data within your organisation.
-
4. Technical Security Controls. We review the technology deployment to ensure you have appropriate security systems, data redundancy, backups and other controls in place to provide maximum layered protection.
-
5. Technical Monitoring and Testing. Our team make sure you have the right monitoring in place to detect then deal with a cyber attack of other incident. Periodic testing will ensure you can adapt before an incident occurs.
-
6. Third Party Information Security Controls. Vetting the third-parties and suppliers with whom you share information and data is important; We ensure that the right system is in place to optimise your approach.
To discuss our Information Security Auditing service please call
us on
+44 2030 393 395
to speak to one of our team.