RU
RU

INFORMATION SECURITY AUDIT

Выберите категорию

IDENTIFY AND SECURE

Why do I need an audit? To understand what to protect, how to protect, what has already been done, what can be used again and so on. In general, to understand the state of the infrastructure and build a clear plan of its modernisation.

It is the stage of the audit when the basic work is done because planning of the security is one of the most labour-intensive tasks. It is because the new protected infrastructure should become a part of the company workflow. Here, attention to the details of the processes wins the deal. Therefore, the audit will be long and thorough.

If you are not ready for long and thorough projects, it is worth trying pilot implementation in miniature on a separate section

HOW WILL AUDIT PROCEDE?

The main stages

  • Identifying objects to be protected
  • Analysing infrastructure
  • Carrying out inventory check
  • Identifying data processing modes
  • Estimating interaction between staff members
  • Offering development plan
  • First, we will together identify what to be protected and make records of that.
  • Then, we will prepare a description of the infrastructure and existing organisational processes. Here, we often face the first surprises, because documents often are very far from the reality.
  • We determine the place of the system to be protected in the company infrastructure as a whole and identify the relationship between this part and others. In fact, we will formalise all inputs and outputs, i.e. who, when and why can enter, change or delete the data. We will take inventory of technical means.
  • Define what should the process of information processing be like.
  • Define data processing modes for each individual component. Define how personnel is engaged in data processing and how the employees will interact.
  • Starting from this basis, we can compose the infrastructure development plan so that it matches the desired standards

Projects direction

Ask the Manager