Fresh eyes when reviewing documentation and ways of working can highlight issues that have been missed previously, often they have been there since the document’s inception. Our Professional Services experts have over 15 years auditing experience and our commitment to you is that the feedback we give will not be filled with technical jargon - you will be able to understand it and it will offer you real ways to improve your company’s security.
We recognise two major standards for measuring security maturity and either can be used to audit your current posture and highlight areas that could be improved. Both security audit approaches involve a 3-day onsite visit.
The Information Technology Laboratory (ITL) within the National Institute of Standards and Technology (NIST) is a research facility dedicated to formulating tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. The Special Report 800-53 details a process for selecting controls to protect organisational operations (including mission, functions, image, and reputation), organisational assets, individuals, other organisation, and the nation from a diverse set of threats including hostile cyber-attacks, natural disasters, structural failures, and human errors. It is these guidelines that our consultants use to determine where issues may lie within your organisations security. The typical audit points are:
Physical Security
Logic Security
Incident Management
Policies, Standards and Procedures
For further reading around the NIST Security Standards.
The Centre for Internet Security (CIS) is an organisation dedicated to enhancing the cybersecurity readiness and response for public and private sector companies. The approach that our security consultants adopt during their audit is based around identifying, developing, validating, promoting and sustaining the best practices in cybersecurity. The aim is to ultimately supply world-class security solutions to prevent and rapidly respond to cyber incidents. The typical audit points our consultants would look at are:
Inventory
Software
User Access
Logging Capability
Data Protection
Wireless Controls
Incident Management
For further reading about the CIS Security Standards.
Scan 3XS offers a wide range of professional services, fully customisable to your requirements. Please contact us for further information and pricing.