Security & Audits
The growing dependence of companies and institutions on information processing systems increases the risk of losing data security. Implementing a comprehensive information security system is therefore a necessary measure to minimize the risk of potential damage associated with this threat. Because of specific legal requirements, the protection of personal data is an important part of this activity. Security management systems for such data must meet legal and technical requirements. An audit is an effective verification tool that supports the effective implementation of appropriate measures and requirements.
ICT Audit
During the ICT system audit, Audytel examines in detail the ICT infrastructure and organization on the basis of documentation, interviews with key representatives of the organization and site visits. The analysis is carried out using the renowned CObIT® methodology.
Personal Data Protection Audit
In accordance with the legal requirements and best practice in information security, protection of personal data requires the company to set up a comprehensive information security system.
The purpose of the audit is to ascertain whether the personal data protection processes taking place in the client company comply with the Law on the Protection of Personal Data and other regulations. Security measures are reviewed not only against the legal requirements, but also against best practices, for example those indicated by the standard PN-ISO/IEC 17799:2003.
The audit is conducted according to guidelines for audits and in compliance with the standard BS 7799-2 (PN-I-07799-2:2005), which describes an integrated model of an information security management system.
ICT Infrastructure Audit
The result of the ICT infrastructure audit is a report containing a detailed evaluation of the effectiveness of the ICT infrastructure and an assessment of its security, its compliance with ICT best practices, including the practices identified by the standard PN-ISO/IEC 17799:2003, and an assessment of infrastructure management processes.
The report can optionally include guidelines for organizational solutions that enable the customer to obtain ISO 27001 certification in the future. In addition, the report may contain proposed changes to the ICT infrastructure management model, in accordance with best practices and standards such as ITIL, ISO 20000 and the COBIT® reference model.
Risk Analysis
The ICT risk analysis is based on an analysis of ICT mechanisms and an assessment of the impact of a possible breach of the confidentiality, integrity and availability of systems and data, in the context of the identified vulnerabilities. The analysis report presents a high-level risk assessment to the business owners, recommends an appropriate level of residual risk and outlines a plan to reduce the risk to an acceptable level.
Budgeting and scheduling the implementation project is an optional element of the risk analysis project.
ICT Security Policy
Implementing ICT security policies is part of best practice in the management of ICT systems. For most corporations it has long been a key element of IT governance. Developing or periodically reviewing ICT policies requires business experience, knowledge of relevant methodologies and an understanding of the specific issues of a company. Audytel offers advice and support in creating or periodically reviewing ICT security policies, working jointly with a team appointed by the client.
ICT Security Testing
As part of the service, Audytel specialists attempt to break the logical, physical and organizational security measures that protect the confidentiality, integrity and availability of data and LAN/WAN services, using techniques normally used by unauthorized persons (hackers). Attempts can also be made to break the security of a single customer machine (identified by its MAC address and machine name). The result is a report describing the actions taken and an assessment of selected elements of network security in relation to the attempted security incident. Proof of the successful identification of a network security vulnerability is given in the form of a specific file saved on a designated machine.