Full Scope Security Audit

Full Scope Security Audit

What IT security vulnerabilities does your entire company have?

A full scope security audit provides you with the current status of your company's IT and information security - and not just from a technical perspective. Instead, this audit also examines the crucial elements of your physical, organizational, and process-related IT security in addition to technical aspects.

As with a house, the attacker can enter through the front door and via the terrace or the window. To achieve IT security at all levels, it is therefore advisable not to focus exclusively on the technical infrastructure but to take sufficient defensive measures. As part of our full scope security audit, we review and optimize your company's IT and information security, taking into account technical, physical, organizational, and process-related elements.

Patrick Jung Head of Technical Security Services, secion GmbH

Quotation example for a full scope security audit:

A holistic review of your organizational IT security

1. survey to determine the current situation of the organizational IT security

Evaluation of the following sub-areas based on surveys:

Part I: Organization and building security

  • Organizational structure and responsibilities
  • Responsible employees/management level
  • Notification and escalation structure
  • Alarm systems
  • Access and access control

Part II: Information technology processes

  • User administration
  • Deployment and disposal of hardware and software
  • Operation and maintenance of IT systems
  • Specifications and guidelines
  • Documentation of IT systems

Part III: Technical measures

  • Network security
  • System monitoring
  • E-mail security
  • Gateway security
  • Mobile device security
  • Patch Management
  • Vulnerability Management
  • Securing web services
  • Datacenter architecture

2. review of existing documentation and processes, development of recommendations for action, and creation of results documentation

  • Review of existing documentation
  • Review of existing processes based on the documentation
  • Consolidation and evaluation of the results
  • Development and description of recommendations for action
  • Written preparation of the results and the resulting recommendations for action
  • Preparation of documentation, including management summary
  • Presentation/discussion of the documentation of the results in your company
  • Discussion of the recommendations for action
  • Clarification of questions

Which IT security audit method do you need?

In our recent whitepaper, find out why the audit methods Inside Criminal Simulation, Social Engineering Audit, and Red Teaming could be of particular interest to your company!

Durch Klicken auf die Schaltfläche "Jetzt Whitepaper lesen!" bestätigen Sie, unsere Richtlinien zum Datenschutz gelesen zu haben. Sie geben Ihr Einverständnis zur Verwendung Ihrer personenbezogenen Daten zu dem von Ihnen angegebenen Zweck der Kontaktaufnahme durch die secion GmbH.