Audits and Assessments

An audit is a manual or systematic measurable assessment of how the organisation's security policy is employed on a system, at a specific site or in an application.

An audit is one of the best ways to determine the security of an organisation's information without incurring the cost and other associated damages of a security incident.

Gap Analysis

Find out how well your organisation complies against international standards. A tailored Gap Analysis will be conducted against a specified business area within your organisation to determine how well they comply with the nominated standard, including:

• ISO 27001 and ISO 27002
• BS 25999 Business Continuity Management
• ISO 20000 Service Delivery Management
• ISO 9000 Quality Management Systems
• ISO 20000 Service Delivery Management
• Information Technology Infrastructure Library (ITIL) V3
• Control Objectives for Information and related Technology (CobiT) 4.1

The output for this engagement will be the delivery of a Gap Analysis report which identifies the security strengths and weaknesses of your organisation against international standards or other pre-defined criteria.

Strasan offer manual or automated assessments.

Manual assessments include interviewing staff, performing security vulnerability scans, penetration tests, reviewing application and operating system access controls, and analysing physical access to the systems.

Automated assessments include system generated audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, and switches. Applications can include Web Services, SAP / Oracle Databases, and integrated systems.
The output for this engagement is a client report detailing the findings and remediation activities.