Security audits of IT systems

When a new system is to be introduced, companies focus, already in the design stage, on paying due attention to all business requirements and being prepared for all future contingencies. In spite of meticulous planning, we often see that security-related questions are not, or not sufficiently, addressed, so security expectations are frequently not specified in the system requirements, or only added at a later stage. From the point of view of security, systems developed earlier often fail to satisfy today?s requirements.

PROTAN can review and certify each element of independent or complex IT systems from the point of view of information security.

Such reviews aim to provide a clear picture to the customer concerning any security issues within the system in use, as well as the method of eliminating any problems present.

We perform IT security reviews in the following areas:
  • software/application,
  • operating system,
  • database,
  • hardware,
  • Networks, LAN, WAN , WLAN, IP and digital telephone systems

As part of a security audit, we analyze the compliance of the system in question with the security policy or other specifications (information security rules, security requirements) and check whether the system satisfies the requirements of the currently valid security recommendations. If different needs arise, a custom audit plan may also be used.

Furthermore, we can check compliance with the procedures that have been put in place within the system.
Reviews are supported by records and reports, and, upon request, recommendations are made concerning the elimination of the problems identified.

Methodology:
  • Making an audit plan in agreement with the customer,
  • Personal interview based on a questionnaire survey / Cobit , ISACA or other audit methods
  • Software-based system review, configuration analysis
  • Making a report, consultation, solution recommendations.