It is a sad fact that when we are called in by organisations we haven’t worked with to deal with the aftermath of a security breach, we very often find management does not know what security measures are in place, or if they are maintained or tested.
They don’t know who has access to what. They don’t know which data is most valuable or most exposed, or what their risk profile is.
This “head in the sand” approach is a haven for hackers to do their worst.
Knowledge is the essential first step to the protection of your IT assets.
What is a Security Audit?
A security audit is about gathering the knowledge that will support sound management decisions. It is a measure of your real security based on facts, not assumptions.
It starts with building a risk profile. There is no point spending money addressing risks you are not exposed to, and there is no value on saving money by not addressing real dangers.
Part of this is categorising your data according to its value to you. This will include sensitivity, the consequences of loss and the costs of rebuilding, but it is mostly about potential business disruption. The data that would cause the most harm to your business if it was lost or stolen, gets the highest priority protection.
Why not protect everything? Frankly, cost. We want to deliver you a solution that is cost effective for you. Lower value data is also less likely to attract major hacker resources, so prioritising your data is a sensible business decision that a security audit will help you with.
Four types of testing, over 20 key factors
We test your system in four ways:
- Do you have appropriate security software, hardware and settings?
- Are there policies and procedures in place, that cover all your risks?
- Are these procedures being followed, e.g. do people share passwords? Are backups validated periodically by actually restoring them in a test environment? (Backups are often found to be faulty when most needed. Occasionally, hackers systematically lock them.)
- Intrusion testing? If appropriate, we will probe your systems to ensure that all the theory works in practice.
A Silverfern IT security audit results in a detailed management report including your risk profile, the current state of your defences, where you should be and how to get there. In total, we test and report on more than 20 core factors.
This security audit gives you the information to make informed, effective management decisions. Isn’t it time to get started?