Security Audit / Review

Background

Security Audit / Review

Our Cyber Security Review is our most called upon  service.   Based upon the industry recognised NIST security framework.  We deliver an in depth understanding of the current cyber security capabilities across the full security domain.

We produce an in-depth management report clearly highlighting the areas where capability currently exists but also the areas requiring management focus and attention.

Service Features

Our analysis and reports typically covers the following areas but can be expanded to cover areas which are unique to the nature of your business and operating model

Management of Cyber Security

  • Leadership and Governance
  • Cyber security policies, standards, guidelines and strategic objectives
  • Management of cyber risk
  • Roles and responsibilities within the security function
  • Threat intelligence and executive reporting
  • Classification and handling of information assets
  • Business continuity and disaster recovery
  • Cyber security incident management
  • Human resources security
  • Security awareness and training
Technical controls and operations procedures
  • Application security
  • Access Control
  • Network design and architecture
  • Switches and routers
  • Communication links
  • Firewalls
  • Intrusion detection and prevention
  • Servers
  • Computers and mobile devices
  • Patching and vulnerability management
  • Public facing vulnerability assessment
  • Monitoring and log management
  • Remote access
  • Domain administration
  • Privileged users
  • Email
  • Data Security
  • Asset management
  • Physical Security

 

Outcomes current clients have experienced

Every client engages the security review service for different reasons.  Sometimes an incoming security or technology leader wants to understand the current security status on their new organisation, others want to validate transformation progress or identify new issues.  Regardless of the reason for engagement the same outcomes are always delivered

  • Holistic review and assessment of security across all areas
  • Inclusive approach with broad range of stakeholder interviews
  • Assessment against industry leading frameworks
  • Clarity over current capabilities across People / Process / Technology
  • Clear risk prioritised action plan for maximum risk reduction
  • Detailed management report
  • Comprehensive risk register outlining all findings and risk assessment