An exhaustive look at the security of your business network

Benchmarking your security against international standards

You may suspect or know that you have a security issue, or you may be considering implementing a security standard such as ISO27001 for your business.

Whatever the reason, a security audit from IT Lab provides a snapshot of your current situation, highlights any vulnerabilities, plus gives you a clear roadmap to reach the security levels you want to achieve.

The scope of the audit, the testing procedures and the structure of the final report can all be tailored to your specific circumstances.

Our methodology

The audit covers both the technical and non-technical aspects of security. That means our Security Evangelists conduct a full audit of your network, user permissions, firewalls, remote access, anti-virus protection etc. In some circumstances we may need to undertake a full penetration testing exercise as part of your Security Audit. For more information visit the penetration testing section of our website by clicking here.

In addition to the technical aspects, we interview key technical and non-technical staff and review your policies, procedures and documentation. An integral part of the security audit is also assessing your disaster recovery and business continuity plans, and their implementation procedures.

IT Lab’s audit covers the 11 domains from the ISO27001 standard and benchmarks your performance against them:

• Security Policy: management direction & support for information security
• Organisational Information Security: to manage information security within the organisation
• Asset Management: appropriate protection of organisational assets
• Human Resources Security: reducing risks of human error, theft, fraud or misuse of facilities
• Physical and Environment Security: to prevent unauthorised access, damage and interference to business premises and information
• Communications and Operations Management: correct & secure operation of information processing facilities
• Access Control: to control access to information
• Security Requirements of Information Systems: ensuring security is built in
• Information Security Incident Management: ensuring breaches are handled correctly
• Business Continuity Management: counteracting interruptions to business activities and protecting critical business processes from the effects of major failures or disasters
• Compliance: avoiding breaches of any criminal & civil law, statutory, regulatory or contractual Reporting & recommendations

The resulting final report highlights where there are shortfalls and assesses how serious these risks are for your information security. It also proposes solutions to remedy any vulnerabilities.

The report provides a graphical overview grading the severity of issues on a red / amber / green scale and carries a non-technical executive summary.

Whilst there are full technical details provided through out, the report is also easily accessible by a non-technical reader.

Whatever your objectives for conducting a security audit, a bespoke report can be produced to ensure that the structure dovetails with your aims, for example to provide content for a board presentation.

About IT Lab Security Practice

IT Lab’s Security Evangelists are all CISSP-certified with a minimum of 5 years real-world security experience. You benefit from their expertise and knowledge gained from many other security audits.

Our Security Evangelists will pursue any anomaly or area of concern to its ultimate conclusion to ensure they have correctly diagnosed any security issue and not just reported on a symptom.

The benefits for your business

• Assess your information security against international standards
• Audit, testing and report structured around your objectives
• Experienced Security Evangelists with track record of many security audits
• Buy into a deep understanding of security issues and how they relate to business
• Exhaustive auditing methodology means you only need to audit once
• Resulting improvements to your IT performance & security deliver return on investment
• Report tailored to your needs and accessible to non- technical readers
• Protect your business

For more information, call us on 0845 359 0055.