IT Security Audit
It is an audit on the level of information security in an organization. Most commonly the controls being audited can be categorized to technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas.
When centered on the IT aspects of information security, it can be seen as a part of an information systems audit. It is often then referred to as an information technology security audit or a computer security audit. However, information security encompasses much more than IT.
Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc.
It is conducted on the following basic Principles of audit and can be classified as:
Following are the types of audits conducted by our Company which can be classified under Information Security Audit:
- • Vulnerability and Penetration Testing
- • Mobile Penetration Testing
- • Application systems – Security review
- • Review of IS Controls
- • BS 7799/ ISO 27001 Implementation
- • Formation of IS Security Policy
- • Compliance with IS policies and procedures
