IT & Security audit is the examination and evaluation of an organization’s information technology infrastructure, policies and operations. They determine whether IT & Security controls protect corporate assets, ensure data integrity and are aligned with the business’s overall goals. IT auditors examine not only physical security controls, but also overall business and financial controls that involve information technology systems.
IT & Security audit covers different aspects of PPT (People, Process & Technology), CIA (Confidentiality, Integrity, Availability) and AAA (Authentication, Authorization, Accounting). Auditing information security is a vital part of any IT audit and is often understood to be the primary purpose of an IT Audit. The broad scope of auditing information security includes such topics as data centers (the physical security of data centers and the logical security of databases, servers and network infrastructure components), networks and application security.
We follow industry’s best practices, frameworks and standards like ISO 270001, ISO 20000, ISO 22301, ISO 31000, ISA 99 (IEC 6244), ISO / IEC 38500, COBIT, ITIL, TOGAF, HITRUST, NITECH, PCI DSS, HIPPA, NIST, Qcert etc
- IT Governance Audit
- Infosec & Cyber Security Audit
- Penetration Testing
- Vulnerability Assessment
- Data Center Audit
- Application & Database Audit
- Industrial Control System / SCADA Security Audit