Security Audit – IT Infrastructure and Application Security Audit
The main purpose of the security audit is a technical assessment of the security of the organization’s IT infrastructure – its operating systems, applications, etc. The audit may be carried out by:
- Internal auditors – for smaller companies, the role of internal auditor can be filled by a senior IT manager. This employee is responsible for the preparation of reliable audit reports. Larger companies have specially designated structures, with trained and certified specialists in the field of information system security auditing
- External auditors – organisations external to the company. The audit can be carried out by state administrations (for example, a team of the Ministry of Electronic Governance) or by companies specializing in auditing and assessment of information security. Third-party security testing is performed according to a framework and scope of testing agreed in advance between the parties
There are two main types of audit:
- Manual audit – the auditor interviews employees and scans the information infrastructure for vulnerabilities with manual tools. Physical access to information systems and access control to applications and operating systems are evaluated
- Automated audit – the audit is managed by trusted software, which produces comprehensive, customized audit reports
The TechnoLogica team has accumulated experience in performing security audits of IT infrastructure and software applications, within the meaning of Art. 34, para. 1, item 3 of the “Ordinance on the minimum requirements for network and information security”. It uses a combination of manual and automated tools to perform audits.