Information Security Audit

The term “audit” can trigger shivers down the spine of the most battle-hardened manager. Financial audits are the most common examinations a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. However, they are unlikely to be acquainted with information security audits; that is, an audit of how the confidentiality, availability and integrity of an organization’s information is assured. They should be. An information security audit is one of the best ways to determine the security of an organization’s information without incurring the cost and other associated damages of a security incident.

Technology changes much more rapidly than business policies and must be reviewed more often. Software vulnerabilities are discovered daily. A yearly security assessment by an objective third party is necessary to ensure that security guidelines are followed.

Security audits aren’t a one-shot deal. Don’t wait until a successful attack forces your company to hire an auditor. Annual audits establish a security baseline against which you can measure progress and evaluate the auditor’s professional advice. Even if you use different auditors every year, the level of risk discovered should be consistent or even decline over time. Unless there’s been a dramatic overhaul of your infrastructure, the sudden appearance of critical security exposures after years of good reports casts a deep shadow of doubt over previous audits.

What does it involve?

IT Audit Scoping

The scope of an IT audit varies with the standard followed or the requirements of the client. At Unyk Solutions we offer a broad range of IT audits, which include the following:

  1. Auditing Entity-Level Controls
  2. Auditing Data Centres and Disaster Recovery
  3. Auditing Routers, Switches and Firewalls
  4. Auditing Windows Operating Systems
  5. Auditing Unix and Linux Operating Systems
  6. Auditing Web Servers and Web Applications
  7. Auditing Databases
  8. Auditing Storage
  9. Auditing Virtualized Environments
  10. Auditing WLAN and Mobile Devices
  11. Auditing Applications

The main theme of IT audits is the assessment of Security Controls, Access Controls and IA Controls.

IT Audit process

Unyk Solutions follows the standard IT audit process:

  1. Planning
  2. Identification and Documentation of Controls
  3. Evaluation and Validation of Controls
  4. Solution Development
  5. Report drafting and issuance
  6. Follow-up Action

IT Audit benefits

  1. To maintain the security and integrity of confidential information
  2. To reduce the IT security risks that the organization may have
  3. To gain the trust of customers by providing assurance of the security measures used
  4. To evaluate IT infrastructure systems
  5. To comply with IT audit standards or regulatory requirements

Our Approach

Walk through each IT audit process, identify company objectives, carry out the IT audit, assign control objectives and identify associated controls where applicable.

Independently test each of the identified IT infrastructure elements and document the appropriate evidence and subsequent control testing.

Evaluate the operating effectiveness of each control based on the test results and the documentation.

For all control failures we can assist with determining the required solution to address the outstanding inefficiencies and arrange the identified solution plans.

The Role of Internal Audit