How do you know if your business is following the best security practices? What could have been missed?
A Cyber Security Audit reviews your setup against industry best practice and recognised Cyber Security standards so you know where you stand.
We determine the best approach to conducting the audit and streamline the workload for you by utilising interviews and information extracts for our data gathering process. We then get to work and present you with a meaningful, actionable report which is clearly walked through.
Before we commence any work, the first step is to have a conversation to determine what type of audit best suits your needs – it could be a technical audit of your systems, platform or cloud infrastructure, or an organisation wide audit to determine and assess the inherent risks associated with your technology.
Once the type of audit has been agreed, we will then perform in-person and video interviews to understand and assess risk areas such as work from home, personal computers/BYOD, cloud platforms, employee behaviour, internet access, VPN setup, network/router setup, communication risks, malicious websites and software, etc.
Depending on your requirements, we can align our audit process and reports to international Cyber Security standards such as ISO 27001, NIST Cyber Security Framework and NIST SP800-53.
The final audit report will then be provided explaining each cyber risk and the recommended actions required to minimise or mitigate those risks.
Our client had heard all these stories about cyber security and almost lost over $100,000 to a cyber attack. They didn’t know where to start or what to do. So we advised that a Cyber Security Audit is a great way to get a handle of cyber security for their business. The Cyber Security Audit reviews their business against best cyber security practices and provides a list of vulnerabilities with actions. We identified over 20 vulnerabilities which they started to action straight away and they were very thankful for turning an unknown and complex problem into a prioritised list with meaning.
Another client that was very technically skilled wanted an independent review of their cloud infrastructure. They said they have already applied security measures so they were just looking for an audit as a double check. So we performed the audit and found 15 vulnerabilities which the client was surprised about but very happy with the results and they said the audit was exactly what they needed.