A Security Audit can be performed in different ways, ranging from internal and external security audits to a single design review.
With the rapid development in the security and threat landscape, the security products are changing at a rapid pace. To address the evolution, Prodata Systems offers an audit approach in two steps.
At first, a security design review and advice, based on the infrastructure documentation, is conducted to identify potential weak spots in the global design/infrastructure.
Our approach is a mix of qualitative and quantitative risk analysis:
- Management Controls: Management of the information technology (IT) security system and the management and acceptance of risk
- Operational Controls: Security methods focusing on mechanisms implemented and executed primarily by people (as opposed to systems), including all aspects of physical security, media safeguards, and inventory controls
- Technical Controls: Hardware and software controls providing automated protection to the system or applications (Technical controls operate within the technical system and applications)
Once this review is performed, an audit targeting precisely the weaknesses discovered in the first phase is executed. This approach allows us to pinpoint the specific points for examination, and therefore will provide a better result at a lower cost.
This mixed approach will provide a good way to quickly identify weaknesses in the infrastructure, without any impact/disruption of the production, and at an affordable price.