
IT Audits/Security Posture Assistance

Penetration testing can also be used to test an organization's IT department security policies and their adherence to compliance requirements, its employees' security awareness, and the organization's ability to identify and respond to security incidents.


Drawing on experience as a former IT Director and Regional Security Officer, we can make sure that your company's IT infrastructure meets industry standards.


IT Audit

An IT Audit is the examination and evaluation of an organization's information technology infrastructure, policies and operations. Information technology audits determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business's overall goals. IT auditors examine not only physical security controls, but also overall business and financial controls that involve information technology systems.

 

The CIS Critical Security Controls for Effective Cyber Defense is the industry-standard audit for information technology departments.

  

Basic CIS Controls

1. Inventory and Control of Hardware Assets

2. Inventory and Control of Software Assets

3. Continuous Vulnerability Management

4. Controlled Use of Administrative Privileges

5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

6. Maintenance, Monitoring and Analysis of Audit Logs


Foundational CIS Controls

7. Email and Web Browser Protections

8. Malware Defenses

9. Limitation and Control of Network Ports, Protocols and Services

10. Data Recovery Capabilities

11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

12. Boundary Defense

13. Data Protection

14. Controlled Access Based on the Need to Know

15. Wireless Access Control

16. Account Monitoring and Control


Organizational CIS Controls

17. Implement a Security Awareness and Training Program

18. Application Software Security

19. Incident Response and Management

20. Penetration Tests and Red Team Exercises