IT Audit

Middle-east tops the world in numbers

Source: IBM Cost of Breach Report 2019

The middle-east had the highest average number of breached records in 2019 with 38,800 records

$5.98 million per breach

The average cost of breach in the middle east was $5.98 million, second only to the US which tops the world with $8.19 million

learn more Source: IBM Cost of Breach Report 2019

CONDUCT AN ASSESSMENT

Identify gaps in your security
Get a 360-degree view of implemented controls

INFRASTRUCTURE ASSESSMENT

IT infrastructure assessment is required from time to time as an input to decision making – for strategic investments in technologies or for process improvement and optimisation. Organisations engage external parties to do health-checks and assessments for an independent opinion. Typical assessments are generally conducted in the following major phases:

1. Survey and Data Gathering
2. Documentation and Assessment of the Infrastructure
3. Gap Analysis vis-à-vis good practices
4. Recommendations for improvement, configuration changes etc.
5. Presentation of findings, reports; and workshops.

Based on the maturity level, and business requirements (gathered during interviews), we make recommendations or highlight areas which require attention – whether configuration changes, upgrades or a complete overhaul of the systems in question. These recommendations will be guided by good practices, taking into consideration latest technologies and security enhancements, for the overall improvement of IT services.

Recommendations will be made in alignment with enterprise architecture, if a formal definition exists in the organisation; if not, these recommendations will be conducive for such a design in the future. In addition to various documents, we also produce engaging infographics as a part of deliverables.

A typical assessment covers more than 25 areas including:

Services and Applications
Data Centres / Locations
System Infrastructure
Network Infrastructure
Wireless Infrastructure
Virtualisation Infrastructure
Storage and Backup Infrastructure
Printers and Peripherals
Communication Lines
Access Control and CCTV
Audio/Video Infrastructure
Security Infrastructure

HOW WE CONDUCT AN ASSESSMENT

Survey & Data Gathering

Consultants will examine all the components in the IT infrastructure and acquire data by:
* Physical survey of data centres
* Interviews with IT staff
* Inspection of systems, configuration data, etc.

Documentation

All the details collected will be collated and documented. Work products in this phase include:
– Documentation of servers, networks, applications, services, etc.
– Topology and connectivity diagrams
– Server and equipment lists.

Assessment

Adequacy of controls will be tested against:
* Controls based on standards (PCI-DSS / ISO27001)
* Test nearly controls in various security domains
* Technology assessment: using VA tools

Reports

Summary and detailed reports will be compiled that will show the present state of security in the organisation.

Recommendations

Based on the assessment and business requirements, recommendations will be made, which:
– Highlight areas which require immediate action
– Configuration changes or upgrades to systems
– Implementation of controls hitherto not implemented

Presentation

The assessment will culminate in:
* Presentation of findings
* Discussion of recommendations
* Workshop with tech and admin teams

Why We Are Different

Experienced Team

Our consultants have hands-on experience in IT-operations having designed, implemented and managed sizeable and complex IT infrastructures.

Standards Based

Our assessments are based on international standards and frameworks and controls are evaluated according to industry best-practices.

Bespoke Assessments

Every single assessment that we undertake is bespoke. We consider factors such as organisational culture and issues, constraints specific to each infrastructure.

Actionable Reports

Instead of reams of paper that nobody reads, our recommendations are detailed and specific statements, which include implementation roadmaps.

Infographics

Sample Deliverables

Assessment Report

Summary and detailed reports on the state of security pointing out adequacy of controls implemented.

Gap Analysis Report

Gap analysis against established standards such as ISO27001, PCI etc.

System Documentation

Asset inventory: servers, storage, backup, network equipment, cloud assets.

Diagrams & Infographics

Network connectivity and topology diagrams, traffic flow diagrams, etc.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.