detailed audit

headlines

focuses on selected elements of information systems, networks, or security process and practice

close inspection of security policy, practice, technology or other component

conducted by observation, inspection and interview

follows ISO17799/BS7799 guidelines

commissum will provide:

an expert, unbiased opinion

advice on adequacy of security technology or practice

indications where improvements can be made

confirmation of the adequacy of controls

indication of unnecessary controls, which may be an overhead


issues

An organisation may have particular concerns about specific parts of its information systems, networks, or security process and practice. These could be operating procedures, back-up arrangements, password management, user management or development procedures. They may be concerned about a particular application or architectural component such as a DMZ. The concerns may arise from issues raised by a higher-level audit, a regulator's requirements or concern about the manageability of security in a particular area.

The detailed audit involves close inspection of a security policy, practice, technology or other component, and concludes whether it is appropriate to need and correctly configured, and whether controls are adequate, sufficiently documented, well operated and demonstrable.

approach

An audit will normally be conducted by observation, inspection and interview. In some cases, system or software testing will be conducted to augment the auditor's work. Tools to interrogate logs and other records may be required.

The elements are:

  • agree the scope and objectives of the audit
  • identify people and locations and establish a schedule
  • conduct preliminary documentation review and other necessary research
  • conduct inspections and interviews
  • draw up preliminary findings and report back to client
  • negotiate differences of opinion
  • produce final report (reporting on strong, adequate and weak practice)
  • deliver final report and recommendations

The commissum audit will follow ISO17799/BS7799 guidelines but, due to the detail normally required, will go deeper than the clauses of ISO17799; for example, the technical sections will need to be interpreted for specific technologies and platforms.

customer benefits

commissum will provide an expert, unbiased opinion on the adequacy of security technology or practice in a specific part of the business or IT operation, indications of where improvements can be made and the steps needed to achieve these. The client will also receive confirmation of the adequacy of controls and, conversely, an indication of unnecessary controls, which may be an overhead or impediment to doing business effectively.

© 2001-2008, commissum