Security Auditing - ESTec Security

Vulnerability Assessment
Incident Response
Intrusion/ Penetration Testing
ISO 27001 / ISO 17799 / BS 7799
Information Technology Risk Assessment
Security Policy Review and Formulation
Telecommunications Audit
Code Audit
Network Architecture Reviews
Firewall Rule Set Audit
Security Log Analysis
Expert Witness
Disaster Recovery Planning & Plan Reviews
Security Auditing
Security Awareness Programs

Security Auditing

Once a process for securing assets is in place, a regularly scheduled security audit will determine if the process is operating properly. A security audit analyses the security of an application or group of computers, and reviews the administrative functions going on around the computers. This is done to ensure that security maintenance activities outlined and mandated in the existing security plan or process are actually being followed. Recommendations are made, as required to help the organization improve security of its critical systems and to maintain the security of these systems. Over time, every security program will need updating as software and networking evolves.

Sample Case

Customer: A Large American Utility
Services: Security Auditing
Problem: The external auditors, required as part of their annual report on the utility company, that the utility employ a third-party review of the information security around process control systems.
Solution: An ESTec consultant performed vulnerability analysis for each critical control system on-site and then interviewed administrative personnel about security operations.
Results: While the systems in place proved not to be vulnerable to intrusion through known holes, administrative procedures were not state-of-the-art, as required, and certain systems did not have adequate physical access controls or currently adequate backups. No systems administrators were performing comprehensive log reviews, although industry standards and internal security policies required the latter.
Results: Management was told that standards required it to increase the number of logs, the administrative oversight of security, and the available physical access controls. These recommendations were followed, and the company increased administrators by 10% to enable it to return to the original security maintenance standards it had accepted. The result was a large increase in safety at a relatively small increase in personnel costs. This allowed the company to meet the demands of its auditors and the industry during the period in question, thus avoiding penalty costs and lost income.

For more information on our Security Audit Procedures Click Here.


	About Us \| Products & Services \| Newsroom \| Education \| Careers \| Contact Us \| Privacy Commitment \| Terms of Use ©2002 ESTec Systems Corporation. All rights reserved.