Every business, including yours, has valuable IT assets such as computers, network equipment, and various levels of data. To protect those assets, an IT Security Audit is one of the best ways to get a clear picture of the security risks your organization's IT system faces, without incurring the cost and other associated damages of an avoidable security incident.
While no business owner, executive or IT manager relishes the thought of enduring an end-to-end third-party security examination, it is generally understood that an audit is the only way to fully ensure that all of a business' security technologies and practices are performing in accordance with established specifications and requirements. CANDIS recognizes this predicament however, and although an IT Security Audit cannot take place in a vacuum, we do pride ourselves at making our IT Security Audit processes as unobtrusive as possible.
CANDIS' IT Security Audit is a combination of both manual and automated measurable technical assessments of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, include system generated audit reports or using software to monitor and report changes to files and settings on a system.
One of our main concerns as auditors will always be how your security policies - the foundation of any effective organizational security strategy - are actually used. If you do not have one, or the one you have is inadequate, CANDIS will provide a suggestion for an IT security policy along with our audit report
In short, CANDIS' IT Security Audit is aimed at determining how the confidentiality, availability and integrity of your organization's information is assured, and what to do if vulnerabilities are identified.