Custom security audits
Tailored security audits help you to identify potential security deviations in companies and to close gaps. Depending on requirements, the audit can focus on applications, processes, systems or the entire security organization. In many cases, this also includes penetration testing.
Risk-based audits focus on specific threat scenarios such as industrial espionage, loss or manipulation of customer data and help to eliminate or at least minimize any risks and vulnerabilities.
- Compliance audits check compliance with standards and laws throughout the organization – for example, ISO/IEC 27001, IDW PS 330, OWASP Best Practices, the Payment Card Industry Data Security Standard (PCI-DSS), MaRisk, or the German Federal Data Protection Act, but also compliance with contractual requirements, if applicable.
- Risk-based audits analyze risks and vulnerabilities and identify impending production or service outages, loss of customer data, or industrial espionage - risks that can result not only in significant monetary charges, but also in lasting reputational damage.
- Technical audits are system-related audits, such as penetration tests, security source code reviews, system audits, firewall audits, etc.
Audits consist of an analysis of IT security strategy documents, IT security guidelines and policies, procedural instructions, system documentation, and security-relevant contracts, interviews with security officers and selected employees, on-site inspection of systems, implementation of guidelines and specifications, and physical security and the data center, as well as social engineering, if applicable. The end result is a management-compliant report.
