What IT security vulnerabilities does your entire company have?
A full scope security audit provides you with the current status of your company's IT and information security - and not just from a technical perspective. In addition to the technical aspects, this audit also examines the crucial physical, organizational, and process-related elements of your IT security.
Important questions that will be answered during a full scope security audit are, for example:
- How effective are your already implemented organizational IT security measures?
- Does your cloud strategy include all security-relevant aspects of your company?
- Is the confidentiality of your critical company data guaranteed at all times?
- How quickly do your employees recognize IT security threats, and are they able to respond to them correctly?
- How effective is your IT contingency planning?
This provides you with a holistic view of your information security's current state - including all non-technical security gaps - in addition to all technical potential for improvement.
The recommendations for action we develop from this ensure that your company is holistically protected against current cybercrime risks.
As with a house, an attacker can enter not only through the front door but also via the terrace or a window. To achieve IT security at all levels, it is therefore advisable not to focus exclusively on the technical infrastructure but to take sufficient defensive measures in the other areas as well. As part of our full scope security audit, we review and optimize your company's IT and information security, taking into account technical, physical, organizational, and process-related elements.
Content & Procedure of a Full Scope Security Audit
Our IT security consultants carry out every full scope security audit following the IT-Grundschutz (basic IT protection) developed by the German Federal Office for Information Security (BSI) as well as ISO 27001.
In addition to examining the technical conditions, organizational and infrastructural requirements are also examined, and, after completion, needs-based measures are developed for your company.
After the audit, our IT security consultants provide you and your company management with a result report that shows your information security status. Based on this, our IT security consultants develop a catalog of recommended measures that shows how you can efficiently eliminate the detected security gaps. The sequence of measures is determined based on existing risks and their scope of impact, and particularly critical deficiencies are highlighted accordingly. The recommended security level is thus improved step by step and reviewed annually.
Quotation example for a full scope security audit:
1. Survey to determine the current situation of the organizational IT security
Evaluation of the following sub-areas based on surveys:
Part I: Organization and building security
- Organizational structure and responsibilities
- Responsible employees/management level
- Notification and escalation structure
- Alarm systems
- Access and access control
Part II: Information technology processes
- User administration
- Deployment and disposal of hardware and software
- Operation and maintenance of IT systems
- Specifications and guidelines
- Documentation of IT systems
Part III: Technical measures
- Network security
- System monitoring
- E-mail security
- Gateway security
- Mobile device security
- Patch Management
- Vulnerability Management
- Securing web services
- Datacenter architecture
2. Review of existing documentation and processes, development of recommendations for action, and creation of results documentation
- Review of existing documentation
- Review of existing processes based on the documentation
- Consolidation and evaluation of the results
- Development and description of recommendations for action
- Written preparation of the results and the resulting recommendations for action
- Preparation of documentation, including management summary
- Presentation/discussion of the documentation of the results in your company
- Discussion of the recommendations for action
- Clarification of questions
Would you like advice on our Full Scope Security Audit? Our Security Consultants will be happy to inform you!
Call us at: +49 (0) 40 / 38 90 71 – 0 or send us an e-mail: info@secion.de