
Information Security Audit

An information security audit is a mandatory control for any organisation. It should be conducted at least once a year by independent experts with appropriate qualifications and experience. An audit gives management, shareholders and third parties objective information about the state of information security in the organisation.

An information security audit is a set of activities that examines all aspects of information security in the organisation. It is carried out on a schedule agreed with the customer and according to the selected methodology and criteria.

The main objectives of an information security audit are:

  • Independent assessment of the current state
  • Identification and elimination of vulnerabilities
  • A feasibility report on security controls
  • Maintaining conformance to legislative requirements
  • Minimising damage from security incidents

The main product of the audit is the auditor's report, which describes the current state of information security in the organisation, the vulnerabilities detected and the nonconformities with the selected audit criteria, and gives guidelines for eliminating them.

When performing technical audits and security analysis of information systems, GlobalTrust experts use the most advanced methods, resources and information sources, including the Open-Source Security Testing Methodology Manual (OSSTMM), the SANS Top Twenty Vulnerabilities List, CVE, CERT Bulletins, SANS SCORE, CIS Security Benchmarks, Nessus, etc.