Information Systems Audit

1. IS Controls Review

• Review of existing Information system security controls against best practices and industry standards.
• Gap analysis with standards such as ISO27001, SANS, NIST etc / other industry benchmarks like CIS, CERT etc.
• Making recommendations to improve and strengthen IS controls.

2. Network Audits (including vulnerability and penetration testing)

• Auditing management and security of networks.
• Examining the extent to which network security meets internal standards.
• Vulnerability assessment and penetration testing of the networks.
• Indepth review of configurations of various network devices such as routers, firewalls, etc and benchmarking them against secure configuration standards.
• Providing an overall review of the consistency, quality, and reliability of the network management processes.
• Recommend opportunities for improvement.

3. Data Centre Audits

• Data Center Operations Review
• General Computer Controls Review covering
  • IT Assets and resources
  • Personnel Security
  • Physical and Environmental Security
  • Access Controls
• Operating System Review
• Database Controls Review
• Network Controls Review

4. Business Application Audits

• Testing the application capabilities, features and limitations.
• Establishing the reasonableness of application’s logical access controls.
• Audit of SDLC process.
• Review of the operational adequacy of the application package.
• Performance testing using tools.

5. Web Application Security Testing

• Testing web application for security vulnerabilities
• Review of web application source code against secure coding standards
• Review of underlying operating systems and applications
• Strengthening website security

6. Migration Audits

• Review of migration process from legacy systems to state of the art systems like SAP, Oracle Applications.
• Review of migration process from a non-CBS to a CBS environment.
• Review of Data Center migration process