Our Information Systems Audit Portfolio covers the following :
1. IS Controls Review
- Review of existing Information system security controls against best practices and industry standards.
- Gap analysis with standards such as ISO27001, SANS, NIST etc / other industry benchmarks like CIS, CERT etc.
- Making recommendations to improve and strengthen IS controls.
2. Network Audits (including vulnerability and penetration testing)
- Auditing management and security of networks.
- Examining the extent to which network security meets internal standards.
- Vulnerability assessment and penetration testing of the networks.
- Indepth review of configurations of various network devices such as routers, firewalls, etc and benchmarking them against secure configuration standards.
- Providing an overall review of the consistency, quality, and reliability of the network management processes.
- Recommend opportunities for improvement.
3. Data Centre Audits
- Data Center Operations Review
- General Computer Controls Review covering
- IT Assets and resources
- Personnel Security
- Physical and Environmental Security
- Access Controls
- Operating System Review
- Database Controls Review
- Network Controls Review
4. Business Application Audits
- Testing the application capabilities, features and limitations.
- Establishing the reasonableness of application’s logical access controls.
- Audit of SDLC process.
- Review of the operational adequacy of the application package.
- Performance testing using tools.
5. Web Application Security Testing
- Testing web application for security vulnerabilities
- Review of web application source code against secure coding standards
- Review of underlying operating systems and applications
- Strengthening website security
6. Migration Audits
- Review of migration process from legacy systems to state of the art systems like SAP, Oracle Applications.
- Review of migration process from a non-CBS to a CBS environment.
- Review of Data Center migration process