Security Auditing

Auditing Standards

We recognise two major standards for measuring security maturity and either can be used to audit your current posture and highlight areas that could be improved. Both security audit approaches involve a 3-day onsite visit.

1. The National Institute of Standards and Technology Special Publication (SP 800-53)

The Information Technology Laboratory (ITL) within the National Institute of Standards and Technology (NIST) is a research facility dedicated to formulating tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. The Special Report 800-53 details a process for selecting controls to protect organisational operations (including mission, functions, image, and reputation), organisational assets, individuals, other organisation, and the nation from a diverse set of threats including hostile cyber-attacks, natural disasters, structural failures, and human errors. It is these guidelines that our consultants use to determine where issues may lie within your organisations security. The typical audit points are:

For further reading around the NIST Security Standards.

2. The SANS Institute Centre for Internet Security Critical Controls

The Centre for Internet Security (CIS) is an organisation dedicated to enhancing the cybersecurity readiness and response for public and private sector companies. The approach that our security consultants adopt during their audit is based around identifying, developing, validating, promoting and sustaining the best practices in cybersecurity. The aim is to ultimately supply world-class security solutions to prevent and rapidly respond to cyber incidents. The typical audit points our consultants would look at are:

For further reading about the CIS Security Standards.