IT Audit is a form of security assessment, where we examine the security environment, and report about gaps, insufficient security controls and risks that are not addressed. The audit will be based on interviews and inputs provided by those managing the system. Unlike our full-fledged security assessment, where we first map the architecture and examine the infrastructure, in this activity we rely upon the information provided by your team and evaluate security against any of the below standards:
- ISO 27002:2013 / ISO 27002:2022
- PCI DSS 3.x/4.x
- Dubai ISR
- CSA – Cloud Controls Matrix
The goal of the audit is to identify gaps and report on them. This includes brief recommendations and generic advice to rectify problems. If you are looking for detailed recommendations, you can choose the comprehensive Infosec Assessment service which includes documentation, VA and roadmaps.