What is a Security Audit?

A Security Audit is a systematic and repetitive process in which an independent and skilled professional (Certified Information Security Auditor – CISA) performs control assessments, conducts personnel interviews, and obtains and analyzes evidence with the objective of generating a final report on findings, possible issues and recommendations.

A Security Audit requires prior planning, in which it is necessary to establish:

  • Objectives
  • Scope
  • Risk Analysis
  • Procedures
  • Resources
  • Scheduling

The final deliverable will be an Audit Report that will be presented to the customer with findings and recommendations.

The Audit Report will have an introduction, executive summary, audit description, systems analyzed, personnel interviewed, evidence found, sampling techniques, findings and recommendations.

Here are some examples:

  • DMZ Audit
  • Internal Network Audit
  • Application Audit
  • Technical Security Audit
  • VPN Audit
  • Advanced Firewall Audit
  • Wi-Fi Audit
  • SOX, PCI-DSS Compliance Audit
  • Privacy and Compliance Laws Audit

Obviously, due to the segregation principle, the auditor will not be allowed to participate in any project arising from his recommendations.

A follow-up process to analyze the effectiveness of any recommended implementation will be available at the customer's request.

