Our Information Systems Audit Portfolio covers the following :

1. IS Controls Review

  • Review of existing Information system security controls against best practices and industry standards.
  • Gap analysis with standards such as ISO27001, SANS, NIST etc / other industry benchmarks like CIS, CERT etc.
  • Making recommendations to improve and strengthen IS controls.

2. Network Audits (including vulnerability and penetration testing)

  • Auditing management and security of networks.
  • Examining the extent to which network security meets internal standards.
  • Vulnerability assessment and penetration testing of the networks.
  • Indepth review of configurations of various network devices such as routers, firewalls, etc and benchmarking them against secure configuration standards.
  • Providing an overall review of the consistency, quality, and reliability of the network management processes.
  • Recommend opportunities for improvement.

3. Data Centre Audits

  • Data Center Operations Review
  • General Computer Controls Review covering
    • IT Assets and resources
    • Personnel Security
    • Physical and Environmental Security
    • Access Controls
  • Operating System Review
  • Database Controls Review
  • Network Controls Review

4. Business Application Audits

  • Testing the application capabilities, features and limitations.
  • Establishing the reasonableness of application’s logical access controls.
  • Audit of SDLC process.
  • Review of the operational adequacy of the application package.
  • Performance testing using tools.

5. Web Application Security Testing

  • Testing web application for security vulnerabilities
  • Review of web application source code against secure coding standards
  • Review of underlying operating systems and applications
  • Strengthening website security

6. Migration Audits

  • Review of migration process from legacy systems to state of the art systems like SAP, Oracle Applications.
  • Review of migration process from a non-CBS to a CBS environment.
  • Review of Data Center migration process