Security audit

The main idea behind security audits is to find out the real state of implemented security regulations and security mechanisms within the organization and to compare them with the desired state (e.g. against the defined standard, internal directions, etc.)

We can offer you the following services with regards to security audits:

• check of security aspects of audited systems from the perspective of company’s internal documents, international norms and recommendations,
• identification of weak system point using expert analysis,
• check and subsequent recommendation of suitable security measures,
• check of documentation, procedure and process linked with individual activities of audited system and life cycle phases of the system,
• penetration tests used to identify the real system security.

Main benefits of security audits are:

• independent professional view on the required level of information security within an organization,
• identification of critical point in IT/IS environment,
• fulfillment of legal demands, valid standards and norms,
• overview of compliance with international standards.

Telefónica O2 Business Solution has considerable experience with regards to security audits and offers several different options.

Security audit overview

The security audit overview identifies the total state of information security within the organization. The overview mainly looks at the complexity of IT/IS environment within the organization. The overview can be adapted to individual sectors, such as know-how protection, fulfilling of organization’s requirements with regards to specific legislation, resistance against system penetration, possibility of system collapse etc. The security audit overview is not strictly aimed at the information system; it can also focus on areas such as human resources security, physical security and environmental security, organization’s actions continuity management, etc.

The main aim of security audit overview is to identify gaps in security system as such and suggest an optimal solution aimed at removing of weak spots.

Security audit based on the ISO/IEC norms

Complex and independent check of security operation of information system under the requirements of ISO 27001:2006 and ISO 27002:2008 international standards. 

This type of audit is always dependent of the type and size of organization undertaking this audit as well as the requirements of the customer.

The main aim is to identify the conformity with current state of ISMS (Information Security Management System) introduction – the process managing the security information system within the organization (continuous process of risk adaptability) based on ISO/IEC norms, identification of weak spots and the suggestion of suitable security measures.

Technical security audit

Complex check and evaluation of information system security on the level of technical infrastructure. The outcome of such audit is a detailed evaluation of configuration of individual evaluated objects within IS.

This audit type is generally done in the form of external audits and internal penetration tests, system audit of server configurations, databases and network elements.

The main aim of this audit is to identify potential weaknesses in the technical infrastructure of information system and suggest suitable solutions.