Security audit

The service

In information security audit assignments we assess the security risks of the reviewed information system, assign them to risk categories, and develop recommendations to reduce the identified risks.

The question naturally arises: what are the parts of an information security audit?

To answer this question we have to recall the definition of an information system: "The information system does not only consist of the information and telecommunication technologies, but the way of interaction between the human factor and the technologies during the support of the business processes." [1] In other words, a security audit should not focus on technology alone, but on the surrounding formalized and informal procedures as well.

This idea is widely accepted among information security professionals, since it is well known that technology by itself does not carry security risk; security risks always arise in the course of its human use.

Based on the idea above, information security audits have two main parts: the process audit and the system audit. In the process audit we compare the processes of the information system against the relevant international standards (e.g., CobiT [2], ITIL [3]) and against domestic and international best practices. In the system audit we review the security architecture and configuration of the information and telecommunication technology.

We recommend the service for organizations

  • that are implementing a new information system
  • for which continuous, low-risk IT operation is essential to the business
  • that have to comply with legal requirements such as Act XXII of 2004 [4] or Government Decree 345/2004 [5]

Why choose us?

  • because we have significant experience in performing and managing security audits
  • because we have deep technical knowledge of several platforms
  • because we have relevant experience in implementing the IT architectures defined in audit recommendations
  • because we are able to interpret the identified security risks for the management of the organization

References

  • [1] Kroenke, David M., Experiencing MIS, 2nd edition, Prentice-Hall (2009)
  • [2] Control Objectives for Information and Related Technology
  • [3] IT Infrastructure Library
  • [4] Act XXII of 2004 on the amendment of certain acts concerning the enhanced protection of investors and depositors (2004. évi XXII. törvény a befektetők és a betétesek fokozott védelmével kapcsolatos egyes törvények módosításáról)
  • [5] Government Decree 345/2004 (XII. 22.) on the consumer-protection-related quality requirements of electronic communications services (345/2004. (XII.22.) Kormányrendelet az elektronikus hírközlési szolgáltatás minőségének a fogyasztók védelmével összefüggő követelményeiről)