Information Security Audits - ISO 18028
Assess Review Manage Audit your sensitive infrastructure and processes.
Your organisation has spent a tonne of money on procuring "state-of-the-art" technology... does it mean you are safe? Let us help you confirm your ROI.
An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized to technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas.
When centered on the IT aspects of information security, it can be seen as a part of an information technology audit. It is often then referred to as an information technology security audit or a computer security audit. However, information security encompasses much more than IT.
Whether it is a plain DC/DR audit or audits of your ERP system or Internet banking/mobile banking systems, our versatile methodology is well in place to complete the assessment.
Using various standards and frameworks such as ISO18028, NIST standards, ISO27001, PCI-DSS, HIPAA, etc, based on the organizational objectives, an audit framework is identified and carried out