Security audit

2020-03-20

Security cannot be bought as a product. Maintaining the security of IT and OT / SCADA systems and the proper operation of security mechanisms requires the design and implementation of appropriate security measures, substantive preparation of staff, and ongoing and periodic auditing of the security status. CLICO specializes in security audits of IT systems and OT / SCADA industrial automation control systems. The main purpose of auditing services is to provide a reliable assessment of the tightness, reliability and performance of security systems and to ensure they comply with the requirements of the law and industry regulations.

20 years of experience and skills

The first security audit of a bank's IT system was carried out by CLICO in 1998. Current CLICO auditing services are delivered by a team of certified security analysts, pen-testers and security engineers specializing in a variety of technologies. Permanent members of the audit team at CLICO hold the following certificates: (ISC)² CISSP & Instructor, EC-Council CEH & Instructor and EC-Council CCISO & Instructor.

The scope of basic auditing services:

  1. External and internal penetration tests of infrastructure and network applications.
  2. External and internal penetration tests and security analysis of interactive Web applications.
  3. Analysis of IT security in the area of maintaining operational continuity of important business processes in the organization.
  4. OT / SCADA security analysis in the area of maintaining operational continuity of important industrial network processes.
  5. Analysis of the correctness of the design and configuration of network security measures (firewall, WAF, DLP, etc.) in terms of compliance with security design principles, security standards and good practices.
  6. Analysis of the configuration of indicated devices and IT systems against security checklists (CIS, NSA, system manufacturers).
  7. Verification of the implementation and quality of ICT security management tools (SIEM, UEBA, NBA, etc.).
  8. Evaluation of security awareness in the organization (social engineering tests of employees, software verification, etc.).
  9. Evaluation of the preparation of technical security measures of the organization to meet the requirements of GDPR and the Act on the National Cyber Security System.

Security tests are usually carried out as practical evaluations that test whether the applied security measures adequately respond to attacks and whether the systems are resistant to real threats (e.g. penetration attempts, unauthorized access and intrusion, DoS attacks, malware propagation, network eavesdropping, etc.). To ensure the credibility of tests, they are carried out using real techniques used by cybercriminals. Web application security tests are carried out in accordance with the methods and tools recommended by the Open Web Application Security Project (OWASP) and using methods and tools developed by the CLICO team (including our own methodology of testing Web Services).

For further information on CLICO security audits, please contact: .....................